From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | David Rowley <dgrowleyml(at)gmail(dot)com> |
Cc: | Greg Burd <greg(at)burd(dot)me>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
Subject: | Re: [PATCH] bms_prev_member() can read beyond the end of the array of allocated words |
Date: | 2025-08-15 03:24:40 |
Message-ID: | 524168.1755228280@sss.pgh.pa.us |
Lists: | pgsql-hackers |

David Rowley <dgrowleyml(at)gmail(dot)com> writes:
> FWIW, after sleeping, I'm now very much against using < rather than <=
> for the Assert. The reason being that it makes it impossible to build
> bms_prev_member() loops with a dynamic start point. Right now we
> document that we expect the loop to be started with -1, but if someone
> wants to start at some arbitrary point in the set, then they need to
> be able to pass some_member + 1. If some_member happens to be the
> highest bit in the last word then your Assert will fail for no good
> reason.

Hm. So the use-case you're imagining is "I know that N is a member
of this set, and I want to iterate through N as well as all smaller
members of this set"? I guess it's arguably possible, but I'm
dubious.

We have exactly one caller of this function at the moment, so it's
hard to construct any sweeping arguments about what people might
want to do with it. But I'd be inclined to read the use-cases
narrowly not broadly.

> I'm happy to push Greg's v5 patch if you have no counterarguments.

In the end this isn't something I find worth arguing about. If
you prefer v5, sure. I do suggest though that if we're installing
Asserts at all, defending against prevbit < -1 is worth doing.

regards, tom lane
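
A simplified model of the bounds check discussed in this message, as an added example that is not part of the original email and is not PostgreSQL's bitmapset.c code. `ToySet`, the `toy_*` names, the `-2` "no member" value and the `-3` return standing in for a failed Assert are all assumptions of this model. It shows that accepting `prevbit` up to and including `nwords * BITS_PER_WORD` allows a `some_member + 1` start at the top bit, while `prevbit < -1` and values further past the end are rejected.

```c
#include <stdint.h>

#define BITS_PER_WORD 64

/* Toy fixed-size bit set: a hypothetical stand-in, not PostgreSQL's Bitmapset. */
typedef struct { int nwords; uint64_t words[2]; } ToySet;

/* Constructed sample set: members 3, 70 and 127 (127 is the top bit). */
static const ToySet toy_sample =
    { 2, { UINT64_C(1) << 3, (UINT64_C(1) << 6) | (UINT64_C(1) << 63) } };

/* Legal start points run from -1 (start at the top) through
 * nwords * BITS_PER_WORD. A strict "<" on the upper bound would reject
 * member + 1 when member is the top bit of the last word. */
static int toy_prevbit_ok(const ToySet *s, int prevbit)
{
    return prevbit >= -1 && prevbit <= s->nwords * BITS_PER_WORD;
}

/* Largest member below prevbit; -2 if none; -3 if prevbit is rejected
 * (this model's stand-in for a failed Assert). */
static int toy_prev_member(const ToySet *s, int prevbit)
{
    if (!toy_prevbit_ok(s, prevbit))
        return -3;
    if (prevbit == -1)
        prevbit = s->nwords * BITS_PER_WORD;
    /* Starting at prevbit - 1 keeps the word index within 0..nwords-1. */
    for (int bit = prevbit - 1; bit >= 0; bit--)
        if ((s->words[bit / BITS_PER_WORD] >> (bit % BITS_PER_WORD)) & 1)
            return bit;
    return -2;
}

/* Count members <= start by passing start + 1 as a dynamic start point. */
static int toy_count_down_from(const ToySet *s, int start)
{
    int n = 0;
    for (int x = start + 1; (x = toy_prev_member(s, x)) >= 0;)
        n++;
    return n;
}

int main(void)
{
    /* Exit status 0 when all three members are visited from the top bit. */
    return toy_count_down_from(&toy_sample, 127) == 3 ? 0 : 1;
}
```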