Re: Making the ENUM operators LEAKPROOF
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Laurenz Albe <laurenz.albe@cybertec.at>
Cc: pgsql-hackers@lists.postgresql.org
Date: 2026-07-01T22:33:45Z
Lists: pgsql-hackers
Laurenz Albe <laurenz.albe@cybertec.at> writes: > This is an attempt to get the operators from the "enum_ops" operator > class LEAKPROOF. I think we should reject this idea. Our standard for marking functions leakproof has always included a requirement that the amount of code involved be small enough that one can immediately confirm that there is no information leak. I don't think that enum_cmp() can meet that standard; the length of your argument already proves the point. The issue here is not really "can I convince myself that it's safe today?". It's more about "am I willing to bet that no future code change is going to unintentionally break the property?". The more code involved, the riskier that bet. I know that you are going to say "but text_cmp covers a lot of ground, including code (in libc or ICU) that isn't even ours". To my mind, we made an exception for text_cmp because the performance consequences of not making it leakproof were unacceptable. I do not think enum_cmp() can clear that bar either. FWIW, I do agree that marking enum_eq leakproof is safe. How many of the use-cases you are worried about would be satisfied with that? regards, tom lane