Hi Tom,

One of my students has hacked Clang to detect integer undefined behaviors in C, like this shift problem or signed overflows. This was the only problem that came up during a "make check" of a postgresql with this checking turned on, which is pretty cool.

I'd expect to be able to find more problems if I could get hold of a good fuzz tester for postgresql, or at least some much larger test inputs. Are there any of these you folks would suggest that I use?

Thanks,

John

On 08/02/2010 09:06 AM, Tom Lane wrote:
> "John Regehr" <reg...@cs.utah.edu> writes:
>> Bug reference: 5590
>> Logged by: John Regehr
>> Email address: reg...@cs.utah.edu
>> PostgreSQL version: head 8/2/10
>> Operating system: OSX
>> Description: undefined shift behavior
>> Details:
>
>> During a "make check" the left-shift operator at tsquery_util.c 48:18 is
>> passed a negative right-hand argument a number of times.
>
> Hmm. valcrc is declared as signed int32, so depending on what your
> compiler thinks the semantics of % is, this clearly can potentially
> happen. I notice the same problem in makeTSQuerySign() in tsquery_op.c.
>
> The fix is presumably to cast the valcrc value to unsigned int before
> executing %. However, I'm a bit worried about whether this could change
> the results, and if it did whether that would invalidate any on-disk
> data structures. Oleg, Teodor, do either TSQuerySign or QTNode.sign
> ever get to disk?
>
> John: how did you detect this?
>
> regards, tom lane
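A constructed C illustration of the negative-shift-count problem and of the cast Tom proposes, added here as an example; it is not code from the PostgreSQL tree. The 64-bit sign width, the `valcrc % width` formula and the names are assumptions about the original code.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed sign-bitmap width; the real constant in PostgreSQL may differ. */
#define SIGLEN 64
typedef uint64_t Sign;

/* Before: the bug class Tom describes. With a signed valcrc, C99 '%'
 * truncates toward zero, so a negative valcrc yields a negative remainder
 * and the shift count lands in [-63, 63]. A negative count is undefined. */
static int shift_count_signed(int32_t valcrc) {
    return valcrc % SIGLEN;
}

/* After: reinterpret as unsigned before '%', keeping the count in [0, 63].
 * Since 2^32 is a multiple of 64, this is the mathematical (non-negative)
 * residue of valcrc modulo 64. */
static unsigned shift_count_unsigned(int32_t valcrc) {
    return (uint32_t) valcrc % SIGLEN;
}

/* Guarded sign update: refuses an out-of-range count instead of shifting.
 * This is the runtime check a UB detector inserts before every '<<'. */
static int set_sign_bit(Sign *sign, int count) {
    if (count < 0 || count >= (int) (8 * sizeof(Sign)))
        return 0;
    *sign |= (Sign) 1 << count;
    return 1;
}

/* Tom's compatibility question: do old and new formulas pick the same bit?
 * They differ exactly for negative valcrc not divisible by SIGLEN. (Some
 * CPUs mask the count modulo the word width, which can make the old UB
 * silently produce the same bit; the language guarantees nothing.) */
static int counts_agree(int32_t valcrc) {
    return shift_count_signed(valcrc) == (int) shift_count_unsigned(valcrc);
}

int main(void) {
    int32_t samples[] = { 100, -1, -64, -65 };   /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("valcrc=%5d signed=%3d unsigned=%2u agree=%d\n", samples[i],
               shift_count_signed(samples[i]),
               shift_count_unsigned(samples[i]), counts_agree(samples[i]));
    return 0;
}
```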