On Sun, Jun 09, 2024 at 04:59:22PM -0400, Joseph Koshakow wrote:
> I originally added the helper functions to int.h thinking I'd find
> many more instances of overflow due to integer negation, however I
> didn't find that many. So let me know if you think we'd be better
> off without the functions.
I'd vote for the functions, even if it's just future-proofing at the
moment. IMHO it helps with readability, too.
> The following comment was in the code for parsing timestamps:
>
> /* check for just-barely overflow (okay except time-of-day wraps) */
> /* caution: we want to allow 1999-12-31 24:00:00 */
>
> I wasn't able to fully understand it even after staring at it for
> a while. Is the comment suggesting that it is ok for the months field,
> for example, to wrap around? That doesn't sound right to me I tested
> the supplied timestamp, 1999-12-31 24:00:00, and it behaves the same
> before and after the patch.
I haven't stared at this for a while like you, but I am likewise confused
at first glance. This dates back to commit 84df54b, and it looks like this
comment was present in the first version of the patch in the thread [0]. I
CTRL+F'd for any discussion about this but couldn't immediately find
anything.
> /* check the negative equivalent will fit without overflowing */
> if (unlikely(tmp > (uint16) (-(PG_INT16_MIN + 1)) + 1))
> goto out_of_range;
> +
> + /*
> + * special case the minimum integer because its negation cannot
> be
> + * represented
> + */
> + if (tmp == ((uint16) PG_INT16_MAX) + 1)
> + return PG_INT16_MIN;
> return -((int16) tmp);
My first impression is that there appears to be two overflow checks, one of
which sends us to out_of_range, and another that just returns a special
result. Why shouldn't we add a pg_neg_s16_overflow() and replace this
whole chunk with something like this?
if (unlikely(pg_neg_s16_overflow(tmp, &tmp)))
goto out_of_range;
else
return tmp;
> + return ((uint32) INT32_MAX) + 1;
> + return ((uint64) INT64_MAX) + 1;
nitpick: Any reason not to use PG_INT32_MAX/PG_INT64_MAX for these?
[0]
https://postgr.es/m/flat/CAFj8pRBwqALkzc%3D1WV%2Bh5e%2BDcALY2EizjHCvFi9vHbs%2Bz1OhjA%40mail.gmail.com
--
nathan
