Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wC566-001e3P-04 for pgsql-hackers@arkaria.postgresql.org; Mon, 13 Apr 2026 00:24:14 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1wC564-003brR-0Y for pgsql-hackers@arkaria.postgresql.org; Mon, 13 Apr 2026 00:24:13 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wC563-003brJ-2b for pgsql-hackers@lists.postgresql.org; Mon, 13 Apr 2026 00:24:12 +0000 Received: from mail-pj1-x1035.google.com ([2607:f8b0:4864:20::1035]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.98.2) (envelope-from ) id 1wC562-00000000kYF-1LJR for pgsql-hackers@lists.postgresql.org; Mon, 13 Apr 2026 00:24:12 +0000 Received: by mail-pj1-x1035.google.com with SMTP id 98e67ed59e1d1-35da1af3e10so3868799a91.3 for ; Sun, 12 Apr 2026 17:24:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1776039848; x=1776644648; darn=lists.postgresql.org; h=to:references:message-id:content-transfer-encoding:cc:date :in-reply-to:from:subject:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=kXV5VZ8B8Z5QE/QOEaV02XcXmD3VPUzRY2dGq4GAH5k=; b=FAEPtHVWg4lGX0Imw2oc6IYQfK4ckY8zkB8CWO/ztksTOHDIzRdeipAyq03Ho4LteH wa2xoJ5Y4z7PAsq2yZD8miJ1mP31fvujfw7qkb6ZWvHJ3xrfW5Beo5e2+m9nBcruBlSz CxgPL5FkTTDV8KV4xMngihSeKzoTA4Y1v5cRglEdsQhhzQmOy1PFUcFmspJ180hHsBvG Pn7cdYHQcHQsLESTo+qmHWLEpk6fjsQ9mfkZ0kabD5P9m+9rzyb0p08Fp23mCR8a4JD8 4P5Y9p7vLgXfZGnUuTy/cqMMTafNUA1FN5+yybx646pTJdwhG8PjH0NbyhypDrO1cvjq ynLw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1776039848; x=1776644648; h=to:references:message-id:content-transfer-encoding:cc:date :in-reply-to:from:subject:mime-version:x-gm-gg:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=kXV5VZ8B8Z5QE/QOEaV02XcXmD3VPUzRY2dGq4GAH5k=; b=gbmvsvKqt+9o43//1ane0WXFJ6yH28A0gFZEbG6LZ18yaTGy68NW4OS20QYlX0A+Ie C2VZn1DvPxkPY6ppQXBGkaoUf9nrLCNfYilOPGFtS7sl7T4Pcvi270fRcQKXitwQrm6L QqGjbYNwgh/cl6Ehlf+6Mlu1KLBO1GwT9X+roU5SXdDEY0Dbvp+GvZGJJNopZ/x1W4mH apVcoJmue5ThRhwKYX5QMzi2BZutY0b2Kywt0tMio3FpvQpaGjAV8BTFUwWyEvcJ/JWX /srSsHDyc/nx1pnHq2Q4KtBpB2brcMgnRyN6Y6jkg5DOrffPAEJk2d9G4hvSIZuuP+lh evpw== X-Forwarded-Encrypted: i=1; AFNElJ9IJy7ac/P8c+6IB515GbJpyGCslQOYrxO9AeZk0e3GjzPSarGn58pT/4DqlmkZsPKjVblc1ef9ZBfHB02+@lists.postgresql.org X-Gm-Message-State: AOJu0Yxr+TOww7aqda67gHxdc32BK8g1MUCjdEkQPVjO3yYerb6x/y1Z P/a6TRyNHcuzOlTAxDapJ+v0wFPRZb78LiJg1rymSqsJ5CLY1YILJq0k X-Gm-Gg: AeBDies3CXdUvpRLFOwpJNEDuiOu8pYW4dczcrpfF8ekGJup3rGUW/z2SINjtLleL/6 oIGBxDfjFS/ZJRqIZH/zLzlUCTXh45y7K2xtQO0KsQzaNqThsyzyz1fOaqA2KVHDP38fEsXk1J7 hVUwyezo7tASakLflG4piiPHgo+m11k9SnDPPtebCYKCDpTM+Su+fjFK2Y5BddLy8U+ZSC5gQ9H NhHTF7Hj9o9rT+DCy76iGJmEMoTa+u9HQMtAOzB+lpz89gIf9DUjtg95jMknnsrxJxj/y1vp4sd SHi9NUrkI5kodaMWpUmYxVhEePCMFW2/8BEfNpCVhuZ2p/V8AKv0MOupd9n97SI7g4kgodq0R1J /uqSOu4ptcDjZc2nPto2onfI0abvAB5pX6JaO8wtoVLw3ngHStOzlvw0RiMrC79evETuH0h5JGO mdqbrWsmhErq+0TCBID+xdskNdkuJCnzE= X-Received: by 2002:a17:90b:4c4b:b0:35f:b6d3:da7d with SMTP id 98e67ed59e1d1-35fb6d3dce5mr1649681a91.17.1776039847457; Sun, 12 Apr 2026 17:24:07 -0700 (PDT) Received: from smtpclient.apple ([45.32.121.103]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-35e43063abfsm3368096a91.10.2026.04.12.17.24.04 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sun, 12 Apr 2026 17:24:06 -0700 (PDT) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3864.400.21\)) Subject: Re: Small and unlikely overflow hazard in bms_next_member() From: Chao Li In-Reply-To: Date: Mon, 13 Apr 2026 08:23:26 +0800 Cc: Tom Lane , PostgreSQL Developers Content-Transfer-Encoding: quoted-printable Message-Id: <5E98992A-62D3-4961-B2F1-61246DB9D814@gmail.com> References: <3190647.1775103768@sss.pgh.pa.us> To: David Rowley X-Mailer: Apple Mail (2.3864.400.21) List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk > On Apr 12, 2026, at 21:17, David Rowley wrote: >=20 > On Fri, 3 Apr 2026 at 15:08, David Rowley = wrote: >> IMO, if we can make bitmapset.c work with INT_MAX members and get a >> performance increase, then we should do it. >=20 > Re-thinking this after a week's holiday, it seems fine to use an > unsigned 32-bit int rather than a 64-bit int to fix this bug. I'd > previously been uncertain if there were any guarantees in C to what > (unsigned int) -1 would return, but going by [1] at 6.3.1.3, it says: >=20 > "Otherwise, if the new type is unsigned, the value is converted by > repeatedly adding or subtracting one more than the maximum value that > can be represented in the new type until the value is in the range of > the new type." >=20 > So, it seems even on one's complement that -1 as an unsigned int will > be UINT_MAX. When we add 1 to UINT_MAX, we're guaranteed to get 0, as > it's unsigned maths and overflows are going to result in a value > modulus the max value for the type. >=20 > That leads me to the attached v2 patch. Compiler Explorer link showing > the assembly at [2]. >=20 > Testing the performance, it's better than master, so I got rid of the > size_t wordnum stuff. We're post-freeze now, so fiddling with other > optimisations seems a bit off the table as there appears to be no > performance regression to compensate for now, per: >=20 > drowley@amd3990x:~$ gcc test_bms_next3.c -O2 -o test_bms_next3 && > ./test_bms_next3 > Benchmarking 100000000 bms_next_member iterations... > master: 1.18330 seconds > Patched: 1.05493 seconds >=20 > Benchmarking 100000000 bms_prev_member iterations... > master: 2.94522 seconds > Patched: 1.86130 seconds >=20 > drowley@amd3990x:~$ clang test_bms_next3.c -O2 -o test_bms_next3 && > ./test_bms_next3 > Benchmarking 100000000 bms_next_member iterations... > master: 1.07860 seconds > Patched: 1.07896 seconds >=20 > Benchmarking 100000000 bms_prev_member iterations... > master: 2.76550 seconds > Patched: 2.12369 seconds >=20 > David >=20 > [1] https://www.open-std.org/jtc1/sc22/wg14/www/docs/n1548.pdf > [2] https://godbolt.org/z/xW96rxd3P > = I just tried test_bms_next3 on my MacBook, looks like patched = bms_prev_member is much faster there. I ran about 10 times, the results = were consistent. ``` chaol@ChaodeMacBook-Air test % gcc test_bms_next3.c -O2 -o = test_bms_next3 test_bms_next3.c:281:18: warning: format specifies type 'long' but the = argument has type 'int64' (aka 'long long') [-Wformat] 281 | printf("%ld\n", count); | ~~~ ^~~~~ | %lld 1 warning generated. chaol@ChaodeMacBook-Air test % ./test_bms_next3 Benchmarking 100000000 bms_next_member iterations... master: 0.49287 seconds Patched: 0.47315 seconds Benchmarking 100000000 bms_prev_member iterations... master: 1.04644 seconds Patched: 0.58053 seconds 2800000000 ``` Best regards, -- Chao Li (Evan) HighGo Software Co., Ltd. https://www.highgo.com/