| From: | Nathan Bossart <nathandbossart(at)gmail(dot)com> |
|---|---|
| To: | Joseph Koshakow <koshy44(at)gmail(dot)com> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, Andres Freund <andres(at)anarazel(dot)de> |
| Subject: | Re: Remove dependence on integer wrapping |
| Date: | 2024-06-10 01:48:12 |
| Message-ID: | ZmZbXK1CNMbkty0W@nathan |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Sun, Jun 09, 2024 at 04:59:22PM -0400, Joseph Koshakow wrote:
> I originally added the helper functions to int.h thinking I'd find
> many more instances of overflow due to integer negation, however I
> didn't find that many. So let me know if you think we'd be better
> off without the functions.
I'd vote for the functions, even if it's just future-proofing at the
moment. IMHO it helps with readability, too.
> The following comment was in the code for parsing timestamps:
>
> /* check for just-barely overflow (okay except time-of-day wraps) */
> /* caution: we want to allow 1999-12-31 24:00:00 */
>
> I wasn't able to fully understand it even after staring at it for
> a while. Is the comment suggesting that it is ok for the months field,
> for example, to wrap around? That doesn't sound right to me I tested
> the supplied timestamp, 1999-12-31 24:00:00, and it behaves the same
> before and after the patch.
I haven't stared at this for a while like you, but I am likewise confused
at first glance. This dates back to commit 84df54b, and it looks like this
comment was present in the first version of the patch in the thread [0]. I
CTRL+F'd for any discussion about this but couldn't immediately find
anything.
> /* check the negative equivalent will fit without overflowing */
> if (unlikely(tmp > (uint16) (-(PG_INT16_MIN + 1)) + 1))
> goto out_of_range;
> +
> + /*
> + * special case the minimum integer because its negation cannot be
> + * represented
> + */
> + if (tmp == ((uint16) PG_INT16_MAX) + 1)
> + return PG_INT16_MIN;
> return -((int16) tmp);
My first impression is that there appears to be two overflow checks, one of
which sends us to out_of_range, and another that just returns a special
result. Why shouldn't we add a pg_neg_s16_overflow() and replace this
whole chunk with something like this?
if (unlikely(pg_neg_s16_overflow(tmp, &tmp)))
goto out_of_range;
else
return tmp;
> + return ((uint32) INT32_MAX) + 1;
> + return ((uint64) INT64_MAX) + 1;
nitpick: Any reason not to use PG_INT32_MAX/PG_INT64_MAX for these?
--
nathan
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2024-06-10 01:57:54 | Re: Remove dependence on integer wrapping |
| Previous Message | jian he | 2024-06-10 00:00:00 | CheckMyDatabase some error messages in two lines. |