public inbox for [email protected]  
help / color / mirror / Atom feed
From: Nathan Bossart <[email protected]>
To: Joseph Koshakow <[email protected]>
Cc: jian he <[email protected]>
Cc: Alexander Lakhin <[email protected]>
Cc: Tom Lane <[email protected]>
Cc: PostgreSQL Hackers <[email protected]>
Cc: Andres Freund <[email protected]>
Subject: Re: Remove dependence on integer wrapping
Date: Mon, 22 Jul 2024 10:17:55 -0500
Message-ID: <Zp54I4WMbWW6AQnP@nathan> (raw)
In-Reply-To: <CAAvxfHfdPgtqFqsb=Nxa1oc6GsQ_U+k3rfneo-EjYG4bne_ksw@mail.gmail.com>
References: <CAAvxfHdX-t03LvxROxbyodBrtzBzZQEKdKB0FCpEr+p1JnFxsA@mail.gmail.com>
	<ZpVAvLbtUPnK1JKe@nathan>
	<CAAvxfHdYnTB7BjkRSPO8__wxB3880TiYD-TVU2uW8q1KbzymPg@mail.gmail.com>
	<Zpa0m_OVw_iWYicV@nathan>
	<CAAvxfHeFDyNZj+rjcuMkh+VTSYmhb_ZPpbdqZUJcjnT=X3ampA@mail.gmail.com>
	<CACJufxFkTACY6MprpewMncdOpL9dpZBcAGtc6WLfnScLknS3DA@mail.gmail.com>
	<CAAvxfHfeUmVMXU6883in2H-jJ+Vn2=mcSgVpsNDRTTK=OYDjoA@mail.gmail.com>
	<ZpqesU46GIKUvtmS@nathan>
	<Zpq0XUQ9neudWYgC@nathan>
	<CAAvxfHfdPgtqFqsb=Nxa1oc6GsQ_U+k3rfneo-EjYG4bne_ksw@mail.gmail.com>

On Fri, Jul 19, 2024 at 07:32:18PM -0400, Joseph Koshakow wrote:
> On Fri, Jul 19, 2024 at 2:45 PM Nathan Bossart <[email protected]>
> wrote:
>> +            /* dim[i] = 1 + upperIndx[i] - lowerIndx[i]; */
>> +            if (pg_add_s32_overflow(1, upperIndx[i], &dim[i]))
>> +                ereport(ERROR,
>> +                        (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
>> +                         errmsg("array upper bound is too large: %d",
>> +                                upperIndx[i])));
>> +            if (pg_sub_s32_overflow(dim[i], lowerIndx[i], &dim[i]))
>> +                ereport(ERROR,
>> +                        (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
>> +                         errmsg("array size exceeds the maximum allowed
> (%d)",
>> +                                (int) MaxArraySize)));
>>
>> I think the problem with fixing it this way is that it prohibits more than
>> is necessary.
> 
> My understanding is that 2147483647 (INT32_MAX) is not a valid upper
> bound, which is what the first overflow check is checking. Any query of
> the form
>     `INSERT INTO arroverflowtest(i[<lb>:2147483647]) VALUES ('{...}');`
> will fail with an error of
>     `ERROR:  array lower bound is too large: <lb>`
> 
> The reason is the following bounds check found in arrayutils.c
> 
>     /*
>      * Verify sanity of proposed lower-bound values for an array
>      *
>      * The lower-bound values must not be so large as to cause overflow when
>      * calculating subscripts, e.g. lower bound 2147483640 with length 10
>      * must be disallowed.  We actually insist that dims[i] + lb[i] be
>      * computable without overflow, meaning that an array with last
> subscript
>      * equal to INT_MAX will be disallowed.

I see.  I'm still not sure that this is the right place to enforce this
check, especially given we explicitly check the bounds later on in
construct_md_array().  Am I understanding correctly that the main
behavioral difference between these two approaches is that users will see
different error messages?

-- 
nathan






view thread (17+ messages)  latest in thread

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
  Subject: Re: Remove dependence on integer wrapping
  In-Reply-To: <Zp54I4WMbWW6AQnP@nathan>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox