Teodor Sigaev <teodor@sigaev.ru> writes:
>> Are you sure this is safe, Teodor? I don't have time to study the
>> patch in detail, but offhand I think that it might have been better to
>> make allocatedMemory of type int64, just like the tuplesort.c memory
>> accounting variables are post-MaxAllocHuge. It's not obvious to me
>> that this variable isn't allowed to occasionally become negative, just
>> like in tuplesort.c. It looks like that *might* be true -- ginbulk.c
>> may let allocatedMemory go negative for a period, which would now be
>> broken.
> It could not be negative - subtruction is doing only around repalloc call, in
> all other places it only grows.
As long as we're certain of that, Size seems like the appropriate field
type. But I wonder if it'd be worth adding an assert to the subtraction
steps, ie
Assert(accum->allocatedMemory >= delta); accum->allocatedMemory -= delta;
regards, tom lane
