BUG #17910: gcc-introduced load may cause concurrency bug

Поиск
Список
Период
Сортировка
От PG Bug reporting form
Тема BUG #17910: gcc-introduced load may cause concurrency bug
Дата
Msg-id 17910-9050afa682d5dc56@postgresql.org
обсуждение исходный текст
Ответы Re: BUG #17910: gcc-introduced load may cause concurrency bug
Список pgsql-bugs
Дерево обсуждения 
The following bug has been logged on the website:

Bug reference:      17910
Logged by:          Kunbo Zhang
Email address:      absoler@smail.nju.edu.cn
PostgreSQL version: 15.2
Operating system:   ubuntu 20.04
Description:

we discover that, under Ubuntu 20.04 with gcc-12.1, built
postgres-release-15.2 has an 
compiled-introduced load operation in "_bt_parallel_build_main(dsm_segment
*seg, shm_toc *toc)",

near src/backend/access/nbtree/nbtsort.c:1840, the source code is:

    if (!btshared->isconcurrent)
    {
        heapLockmode = ShareLock;
        indexLockmode = AccessExclusiveLock;
    }
    else
    {
        heapLockmode = ShareUpdateExclusiveLock;
        indexLockmode = RowExclusiveLock;
    }

the `btshared->isconcurrent` is only read once to control two if-branches

and the corresponding disassembly is:

/home/postgres-REL_15_2/src/backend/access/nbtree/nbtsort.c:1840
  56d415:    80 78 0a 01              cmpb   $0x1,0xa(%rax)   #
btshared->isconcurrent
/home/postgres-REL_15_2/src/backend/access/nbtree/nbtsort.c:1834
  56d419:    48 89 c3                 mov    %rax,%rbx
/home/postgres-REL_15_2/src/backend/access/nbtree/nbtsort.c:1840
  56d41c:    0f b6 40 0a              movzbl 0xa(%rax),%eax   #
btshared->isconcurrent
  56d420:    45 19 e4                 sbb    %r12d,%r12d
/home/postgres-REL_15_2/src/backend/access/nbtree/nbtsort.c:1849
  56d423:    8b 3b                    mov    (%rbx),%edi
/home/postgres-REL_15_2/src/backend/access/nbtree/nbtsort.c:1840
  56d425:    41 83 e4 05              and    $0x5,%r12d
  56d429:    41 83 c4 03              add    $0x3,%r12d
  56d42d:    f6 d8                    neg    %al
  56d42f:    45 19 f6                 sbb    %r14d,%r14d
  56d432:    41 83 c6 05              add    $0x5,%r14d

we can see the compiled program load `btshared->isconcurrent` twice, and
each loaded value is used
for an assignment. And `btshared->isconcurrent` seems to be a shared object,
if it's modified 
concurrently else where between the `cmp` and `mov` instructions, there may
be some concurrency 
bugs.

В списке pgsql-bugs по дате отправления: