I realize Postgres’ codebase is probably intractably large to begin using a tool like splint (http://www.splint.org ),
butthis is exactly the sort of thing it’ll catch. I’m pretty sure it would have warned in this case that the code
relieson an ordering of side effects that is left undefined by C standards (and as seen here implemented differently by
twodifferent compilers).
The workaround is to make separate assignments on separate lines, which act as sequence points to impose a total order
onthe side-effects in question.
—Jason
On Jan 28, 2014, at 2:12 PM, Christian Kruse <christian@2ndQuadrant.com> wrote:
> Hi,
>
> On 28/01/14 16:43, Christian Kruse wrote:
>> ereport(FATAL,
>> (errmsg("could not map anonymous shared memory: %m"),
>> (errno == ENOMEM) ?
>> errhint("This error usually means that PostgreSQL's request "
>> "for a shared memory segment exceeded available memory "
>> "or swap space. To reduce the request size (currently "
>> "%zu bytes), reduce PostgreSQL's shared memory usage, "
>> "perhaps by reducing shared_buffers or "
>> "max_connections.",
>> *size) : 0));
>>
>> did not emit a errhint when using clang, although errno == ENOMEM was
>> true. The same code works with gcc.
>
> According to http://llvm.org/bugs/show_bug.cgi?id=18644#c5 this is not
> a compiler bug but a difference between gcc and clang. Clang seems to
> use a left-to-right order of evaluation while gcc uses a right-to-left
> order of evaluation. So if errmsg changes errno this would lead to
> errno == ENOMEM evaluated to false. I added a watch point on errno and
> it turns out that exactly this happens: in src/common/psprintf.c line
> 114
>
> nprinted = vsnprintf(buf, len, fmt, args);
>
> errno gets set to 0. This means that we will miss errhint/errdetail if
> we use errno in a ternary operator and clang.
>
> Should we work on this issue?
>
> Best regards,
>
> --
> Christian Kruse http://www.2ndQuadrant.com/
> PostgreSQL Development, 24x7 Support, Training & Services
>