Overflow hazard in pgbench
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: pgsql-hackers@lists.postgresql.org
Cc: Fabien COELHO <coelho@cri.ensmp.fr>
Date: 2021-06-27T17:39:03Z
Lists: pgsql-hackers
Attachments
- avoid-pgbench-overflow-hazard-1.patch (text/x-diff) patch
moonjelly just reported an interesting failure [1]. It seems that
with the latest bleeding-edge gcc, this code is misoptimized:
/* check random range */
if (imin > imax)
{
pg_log_error("empty range given to random");
return false;
}
else if (imax - imin < 0 || (imax - imin) + 1 < 0)
{
/* prevent int overflows in random functions */
pg_log_error("random range is too large");
return false;
}
such that the second if-test doesn't fire. Now, according to the C99
spec this code is broken, because the compiler is allowed to assume
that signed integer overflow doesn't happen, whereupon the second
if-block is provably unreachable. The failure still represents a gcc
bug, because we're using -fwrapv which should disable that assumption.
However, not all compilers have that switch, so it'd be better to code
this in a spec-compliant way. I suggest applying the attached in
branches that have the required functions.
[1] https://buildfarm.postgresql.org/cgi-bin/show_log.pl?nm=moonjelly&dt=2021-06-26%2007%3A03%3A17
regards, tom lane
Commits
-
Don't depend on -fwrapv semantics in pgbench's random() function.
- 01697e92a460 15.0 landed
- be567deb3ac9 13.4 landed
- 3fd334795e26 12.8 landed
- 203c5aaaba56 14.0 landed