Don't depend on -fwrapv semantics in pgbench's random() function.

tglsfdc · tglsfdc · commit be567deb3ac9 · 2021-06-28T12:40:37.000-04:00
Instead use the common/int.h functions to check for integer overflow in a more C-standard-compliant fashion. This is motivated by recent failures on buildfarm member moonjelly, where it appears that development-tip gcc is optimizing without regard to the -fwrapv switch. Presumably that's a gcc bug that will be fixed soon, but we might as well install cleaner coding here rather than wait. (This does not address the question of whether we'll ever be able to get rid of using -fwrapv. Testing shows that this spot is the only place where doing so creates visible regression test failures, but unfortunately that proves very little.) Back-patch to v12. The common/int.h functions exist in v11, but that branch doesn't use them in any client-side code. I judge that this case isn't interesting enough in the real world to take even a small risk of issues from being the first such use. Tom Lane and Fabien Coelho Discussion: https://postgr.es/m/73927.1624815543@sss.pgh.pa.us
diff --git a/src/bin/pgbench/pgbench.c b/src/bin/pgbench/pgbench.c
@@ -2278,7 +2278,8 @@ evalStandardFunc(CState *st,
 		case PGBENCH_RANDOM_ZIPFIAN:
 			{
 				int64		imin,
-							imax;
+							imax,
+							delta;
 
 				Assert(nargs >= 2);
 
@@ -2287,12 +2288,13 @@ evalStandardFunc(CState *st,
 					return false;
 
 				/* check random range */
-				if (imin > imax)
+				if (unlikely(imin > imax))
 				{
 					pg_log_error("empty range given to random");
 					return false;
 				}
-				else if (imax - imin < 0 || (imax - imin) + 1 < 0)
+				else if (unlikely(pg_sub_s64_overflow(imax, imin, &delta) ||
+								  pg_add_s64_overflow(delta, 1, &delta)))
 				{
 					/* prevent int overflows in random functions */
 					pg_log_error("random range is too large");

Original file line number	Diff line number	Diff line change
`@@ -2278,7 +2278,8 @@ evalStandardFunc(CState *st,`
`2278`	`2278`	`case PGBENCH_RANDOM_ZIPFIAN:`
`2279`	`2279`	`{`
`2280`	`2280`	`int64 imin,`
`2281`		`- imax;`
	`2281`	`+ imax,`
	`2282`	`+ delta;`
`2282`	`2283`
`2283`	`2284`	`Assert(nargs >= 2);`
`2284`	`2285`
`@@ -2287,12 +2288,13 @@ evalStandardFunc(CState *st,`
`2287`	`2288`	`return false;`
`2288`	`2289`
`2289`	`2290`	`/* check random range */`
`2290`		`- if (imin > imax)`
	`2291`	`+ if (unlikely(imin > imax))`
`2291`	`2292`	`{`
`2292`	`2293`	`pg_log_error("empty range given to random");`
`2293`	`2294`	`return false;`
`2294`	`2295`	`}`
`2295`		`- else if (imax - imin < 0 \|\| (imax - imin) + 1 < 0)`
	`2296`	`+ else if (unlikely(pg_sub_s64_overflow(imax, imin, &delta) \|\|`
	`2297`	`+ pg_add_s64_overflow(delta, 1, &delta)))`
`2296`	`2298`	`{`
`2297`	`2299`	`/* prevent int overflows in random functions */`
`2298`	`2300`	`pg_log_error("random range is too large");`