Tarantool development patches archive
 help / color / mirror / Atom feed
From: Mergen Imeev via Tarantool-patches <tarantool-patches@dev.tarantool.org>
To: Vladislav Shpilevoy <v.shpilevoy@tarantool.org>
Cc: tarantool-patches@dev.tarantool.org
Subject: Re: [Tarantool-patches] [PATCH v4 02/16] sql: fix possible undefined behavior during cast
Date: Tue, 5 Oct 2021 12:00:40 +0300
Message-ID: <20211005090040.GB55311@tarantool.org> (raw)
In-Reply-To: <b69bf597-102c-dd04-7a95-a480ef70a674@tarantool.org>

Thank you for the review! My answers below.

On Mon, Oct 04, 2021 at 11:52:18PM +0200, Vladislav Shpilevoy wrote:
> Thanks for the fixes!
> 
> On 01.10.2021 14:48, imeevma@tarantool.org wrote:
> > This patch fixes possible undefined behavior during the implicit cast of
> > INTEGER to DOUBLE. The problem is, if the INTEGER is close enough to
> > 2^64, it will be cast to 2^64 when it is cast to DOUBLE. Since we have a
> > check for loss of precision, this will cause this DOUBLE to be cast to
> > an INTEGER, which will result in undefined behavior since this DOUBLE is
> > outside the range of INTEGER.
> > ---
> >  src/box/sql/mem.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/src/box/sql/mem.c b/src/box/sql/mem.c
> > index 24d6d7dbf..079083fa1 100644
> > --- a/src/box/sql/mem.c
> > +++ b/src/box/sql/mem.c
> > @@ -682,7 +682,7 @@ uint_to_double_precise(struct Mem *mem)
> >  	assert(mem->type == MEM_TYPE_UINT);
> >  	double d;
> >  	d = (double)mem->u.u;
> > -	if (mem->u.u != (uint64_t)d)
> > +	if (d == (double)UINT64_MAX || mem->u.u != (uint64_t)d)
> 
> What if uint really was UINT64_MAX? Then you treat its conversion
> into UINT64_MAX double as an error?
> 
The UINT64_MAX value is 2^64-1, which will change to 2^64 when INTEGER is cast
to DOUBLE. Since the cast is not exact, an error will be thrown anyway. The
question is what we will get when DOUBLE 2^64 is cast to INTEGER? Since it is
not defined, I decided to avoid this by adding a new restriction.

> Maybe we could simply refuse to convert all ints > 2^53 and <-2^53
> (or whatever is the precise int limit in double). All ints above
> these values will convert 'from time to time' depending on exact
> values, which does not look reliable anyway.
I don't think we should be doing this. One reason is that in this case
we must decide what to do with casts from DOUBLE to INTEGER, DOUBLE to
DECIMAL, DECIMAL to DOUBLE, and DECIMAL to INTEGER. I don't see simple
enough rules to give us an easy way to determine when we should allow
these casts and when we shouldn't. The current rule of "allow when cast
is exact" seems easier to understand and implement.

  reply	other threads:[~2021-10-05  9:00 UTC|newest]

Thread overview: 39+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-10-01 12:48 [Tarantool-patches] [PATCH v4 00/16] sql: refactor aggregate functions Mergen Imeev via Tarantool-patches
2021-10-01 12:48 ` [Tarantool-patches] [PATCH v4 01/16] sql: remove MEM_Zero flag from struct MEM Mergen Imeev via Tarantool-patches
2021-10-04 21:51   ` Vladislav Shpilevoy via Tarantool-patches
2021-10-05  8:46     ` Mergen Imeev via Tarantool-patches
2021-10-05  9:42       ` Mergen Imeev via Tarantool-patches
2021-10-05 12:28         ` Mergen Imeev via Tarantool-patches
2021-10-01 12:48 ` [Tarantool-patches] [PATCH v4 02/16] sql: fix possible undefined behavior during cast Mergen Imeev via Tarantool-patches
2021-10-04 21:52   ` Vladislav Shpilevoy via Tarantool-patches
2021-10-05  9:00     ` Mergen Imeev via Tarantool-patches [this message]
2021-10-01 12:48 ` [Tarantool-patches] [PATCH v4 03/16] sql: use register P1 for number of arguments Mergen Imeev via Tarantool-patches
2021-10-01 12:48 ` [Tarantool-patches] [PATCH v4 04/16] sql: remove AggStep0 and OP_BuiltinFunction0 Mergen Imeev via Tarantool-patches
2021-10-01 12:48 ` [Tarantool-patches] [PATCH v4 05/16] sql: move collation to struct sql_context Mergen Imeev via Tarantool-patches
2021-10-01 12:48 ` [Tarantool-patches] [PATCH v4 06/16] sql: introduce mem_append() Mergen Imeev via Tarantool-patches
2021-10-04 21:52   ` Vladislav Shpilevoy via Tarantool-patches
2021-10-05  9:32     ` Mergen Imeev via Tarantool-patches
2021-10-11 21:50       ` Vladislav Shpilevoy via Tarantool-patches
2021-10-19 10:49         ` Mergen Imeev via Tarantool-patches
2021-10-01 12:48 ` [Tarantool-patches] [PATCH v4 07/16] sql: remove sql_vdbemem_finalize() Mergen Imeev via Tarantool-patches
2021-10-01 12:48 ` [Tarantool-patches] [PATCH v4 08/16] sql: refactor SUM() function Mergen Imeev via Tarantool-patches
2021-10-01 12:48 ` [Tarantool-patches] [PATCH v4 09/16] sql: refactor TOTAL() function Mergen Imeev via Tarantool-patches
2021-10-01 12:48 ` [Tarantool-patches] [PATCH v4 10/16] sql: refactor AVG() function Mergen Imeev via Tarantool-patches
2021-10-04 21:53   ` Vladislav Shpilevoy via Tarantool-patches
2021-10-05  9:48     ` Mergen Imeev via Tarantool-patches
2021-10-11 21:50       ` Vladislav Shpilevoy via Tarantool-patches
2021-10-19 11:14         ` Mergen Imeev via Tarantool-patches
2021-10-01 12:48 ` [Tarantool-patches] [PATCH v4 11/16] sql: refactor COUNT() function Mergen Imeev via Tarantool-patches
2021-10-04 21:53   ` Vladislav Shpilevoy via Tarantool-patches
2021-10-05  9:55     ` Mergen Imeev via Tarantool-patches
2021-10-11 21:51       ` Vladislav Shpilevoy via Tarantool-patches
2021-10-19 11:17         ` Mergen Imeev via Tarantool-patches
2021-10-01 12:48 ` [Tarantool-patches] [PATCH v4 12/16] sql: refactor MIN() and MAX() functions Mergen Imeev via Tarantool-patches
2021-10-04 21:54   ` Vladislav Shpilevoy via Tarantool-patches
2021-10-05 10:07     ` Mergen Imeev via Tarantool-patches
2021-10-01 12:48 ` [Tarantool-patches] [PATCH v4 13/16] sql: refactor GROUP_CONCAT() function Mergen Imeev via Tarantool-patches
2021-10-01 12:48 ` [Tarantool-patches] [PATCH v4 14/16] sql: remove copying of result in finalizers Mergen Imeev via Tarantool-patches
2021-10-01 12:48 ` [Tarantool-patches] [PATCH v4 15/16] sql: remove MEM_TYPE_AGG Mergen Imeev via Tarantool-patches
2021-10-01 12:49 ` [Tarantool-patches] [PATCH v4 16/16] sql: remove field argv from struct sql_context Mergen Imeev via Tarantool-patches
2021-10-25 20:58 ` [Tarantool-patches] [PATCH v4 00/16] sql: refactor aggregate functions Vladislav Shpilevoy via Tarantool-patches
2021-10-26 10:34 Mergen Imeev via Tarantool-patches
2021-10-26 10:34 ` [Tarantool-patches] [PATCH v4 02/16] sql: fix possible undefined behavior during cast Mergen Imeev via Tarantool-patches

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20211005090040.GB55311@tarantool.org \
    --to=tarantool-patches@dev.tarantool.org \
    --cc=imeevma@tarantool.org \
    --cc=v.shpilevoy@tarantool.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Tarantool development patches archive

This inbox may be cloned and mirrored by anyone:

	git clone --mirror https://lists.tarantool.org/tarantool-patches/0 tarantool-patches/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 tarantool-patches tarantool-patches/ https://lists.tarantool.org/tarantool-patches \
		tarantool-patches@dev.tarantool.org.
	public-inbox-index tarantool-patches

Example config snippet for mirrors.


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git