Re: 9.3.9 and pg_multixact corruption

From: Andreas Seltenreich <andreas(dot)seltenreich(at)credativ(dot)de>
To: Thomas Munro <thomas(dot)munro(at)enterprisedb(dot)com>
Cc: Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, Bernd Helmle <bernd(at)oopsware(dot)de>, Pg Hackers <pgsql-hackers(at)postgresql(dot)org>, christoph(dot)berg(at)credativ(dot)de
Subject: Re: 9.3.9 and pg_multixact corruption
Date: 2015-09-13 18:32:30
Message-ID: 87si6i1875.fsf@credativ.de
Lists: pgsql-hackers

Thomas Munro writes:

> In various places we have int pageno = offset / (uint32) 1636, expanded
> from this macro (which calls the offset an xid):

It appears to depend on the context it is expanded in, as some of the
code must have gotten the segment number right:

,----[ ls -sh pg_multixact/members/ ]
| 256K 97E0
| [...]
| 256K A03B
| 24K A03C = -FFFF5FC4
| 0 FFFF5FC4
`----

> I don't really see how any uint32 value could produce such a pageno via
> that macro. Even if called in an environment where (xid) is accidentally
> an int, the int / unsigned expression would convert it to unsigned first
> (unless (xid) is a bigger type like int64_t: by the rules of int promotion
> you'd get signed division in that case, hmm...). But it's always called
> with a MultiXactOffset AKA uint32 variable.

I managed to disassemble RecordNewMultiXact from the core dump using a
cross-binutils, and it reveals that the compiler[1] appears to have
indeed generated a signed division here. I'm attaching a piece of C
code that does the same computation as the assembly (I think), as well
as the disassembly itself.

regards,
Andreas

Footnotes:
[1] Sun C 5.12 SunOS_sparc Patch 148917-07 2013/10/18, 64-bit

#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/*
 * C model of the instruction sequence the compiler emitted for the
 * "offset / 1636" page computation in RecordNewMultiXact (see the
 * disassembly that accompanies this message, addresses 100112c88..100112cc4).
 *
 * The local names mirror the SPARC registers used there (l0 = %l0,
 * i5 = %i5, ...), so each statement can be checked against one instruction.
 *
 * The sequence is a multiply-and-shift division in which the 32-bit offset
 * is sign-extended before the multiply and the shifts are arithmetic, i.e.
 * the offset is treated as a signed value.  For an offset with bit 31 set
 * the returned page number is therefore the bit pattern of a negative
 * number rather than the expected unsigned quotient.
 *
 * NOTE(review): the casts of out-of-range values to int32_t and the right
 * shifts of negative values are implementation-defined in C; the model
 * assumes two's-complement truncation and arithmetic right shift, as on
 * the machine being modelled.
 *
 * offset: the 32-bit member offset.
 * Returns the low 32 bits of the computed page number.
 */
uint32_t offset2page(uint32_t offset)
{
uint64_t l0, i3, i5, i4, l6_1, l6_2, o2, o4, o1, o3;
/* %l0 holds the offset (reloaded from the stack slot in the disassembly) */
l0 = offset;
/* sethi %hi(0x5fc3e800), %i3 */
i3 = 0x5fc3e800ULL;
/* xor %i3, -375, %i5: -375 is sign-extended, so i5 = 0xFFFFFFFFA03C1689 */
i5 = i3 ^ -375;
/* sra %l0, 0, %i4: sign-extend the 32-bit offset -- the signed treatment starts here */
i4 = (int32_t)l0;

/* mulx %i4, %i5, %l6: 64-bit product, wraps modulo 2^64 */
l6_1 = i4 * i5;
/* srlx %l6, 0x20, %o2: keep the upper half of the product */
o2 = l6_1 >> 32;
/* add %l0, %o2, %o4: add the dividend back */
o4 = l0 + o2;
/* sra %o4, 0xa, %o1: arithmetic shift of the low 32 bits by 10 */
o1 = ((int32_t)o4) >> 10;
/* sra %l0, 0x1f, %o3: 0 for offsets below 2^31, -1 (all ones) otherwise */
o3 = ((int32_t)l0) >> 31;
/* sub %o1, %o3, %l6: sign correction; %l6 is the page number used afterwards */
l6_2 = o1 - o3;
/* the implicit conversion keeps only the low 32 bits */
return l6_2;
}

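/*
 * Command-line driver for offset2page().
 *
 * Takes one argument, a decimal member offset, and prints the page number
 * computed by offset2page() as a signed value, followed by the segment
 * number (page / 32, signed division) as at least four hex digits.  Printing
 * the page as signed makes a negative result visible, and the hex segment
 * can be compared directly with the file names under pg_multixact/members.
 *
 * Returns 0 on success, EXIT_FAILURE when the argument is missing or is not
 * a decimal number.
 */
int main(int argc, char *argv[])
{
    char *end;
    long value;
    uint32_t page;

    /* Without this check a missing argument passes NULL to the parser. */
    if (argc < 2) {
        fprintf(stderr, "usage: %s offset\n", argc > 0 ? argv[0] : "offset2page");
        return EXIT_FAILURE;
    }

    /* strtol reports unparsable input through end, which atol cannot. */
    value = strtol(argv[1], &end, 10);
    if (end == argv[1] || *end != '\0') {
        fprintf(stderr, "not a decimal offset: %s\n", argv[1]);
        return EXIT_FAILURE;
    }

    /* Same narrowing as the original: only the low 32 bits are used. */
    page = offset2page((uint32_t)value);

    /* Explicit casts so each argument matches its conversion specifier. */
    printf("page: %d\n", (int32_t)page);
    printf("segment: %04X\n", (unsigned int)((int32_t)page / 32));
    return 0;
}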

; Disassembly of RecordNewMultiXact as recovered from the core dump.
; Lines beginning with ';' are annotations; the instruction lines are unchanged.
; The part relevant to the signed-division finding is 100112c88..100112cc4.
RecordNewMultiXact:
100112be8: 07 00 04 01 sethi %hi(0x100400), %g3
100112bec: 9d e3 bf 30 save %sp, -208, %sp
100112bf0: 82 10 e2 bd or %g3, 0x2bd, %g1
100112bf4: 90 10 20 0e mov 0xe, %o0
; %l2 = first argument, zero-extended (logical shift by 0)
100112bf8: a5 36 20 00 srl %i0, 0, %l2
100112bfc: 9f 28 70 0c sllx %g1, 0xc, %o7
; %l1 = first argument modulo 2048
100112c00: a2 0c a7 ff and %l2, 0x7ff, %l1
; %i4 = third argument, sign-extended; tested against 0 at 100112c78
100112c04: b9 3e a0 00 sra %i2, 0, %i4
100112c08: b4 03 ed d8 add %o7, 0xdd8, %i2
; second argument (the offset modelled by offset2page) is zero-extended
; and saved to the stack slot it is reloaded from at 100112c84
100112c0c: b1 36 60 00 srl %i1, 0, %i0
100112c10: f0 23 a8 af st %i0, [ %sp + 0x8af ]
100112c14: b2 10 00 1b mov %i3, %i1
100112c18: 40 08 1d 66 call 0x10031a1b0 ; LWLockAcquire
100112c1c: 92 10 20 00 clr %o1
; page argument for this first SimpleLruReadPage call: first argument >> 11
; with a logical shift, i.e. an unsigned division by 2048
100112c20: 93 34 a0 0b srl %l2, 0xb, %o1
100112c24: 90 10 00 1a mov %i2, %o0
100112c28: 97 34 a0 00 srl %l2, 0, %o3
100112c2c: 7f ff f6 bd call 0x100110720 ; SimpleLruReadPage
100112c30: 94 10 20 01 mov 1, %o2
100112c34: fa 5e a0 00 ldx [ %i2 ], %i5
100112c38: ab 3a 20 00 sra %o0, 0, %l5
100112c3c: 96 10 20 01 mov 1, %o3
100112c40: a9 2d 70 03 sllx %l5, 3, %l4
100112c44: e0 5f 60 08 ldx [ %i5 + 8 ], %l0
100112c48: a7 3c 60 00 sra %l1, 0, %l3
100112c4c: ad 2c f0 02 sllx %l3, 2, %l6
100112c50: da 5c 00 14 ldx [ %l0 + %l4 ], %o5
100112c54: f0 23 40 16 st %i0, [ %o5 + %l6 ]
100112c58: d8 5e a0 00 ldx [ %i2 ], %o4
100112c5c: d4 5b 20 18 ldx [ %o4 + 0x18 ], %o2
100112c60: d6 2a 80 15 stb %o3, [ %o2 + %l5 ]
100112c64: 40 08 1f 2d call 0x10031a918 ; LWLockRelease
100112c68: 90 10 20 0e mov 0xe, %o0
100112c6c: 90 10 20 0f mov 0xf, %o0
100112c70: 40 08 1d 50 call 0x10031a1b0 ; LWLockAcquire
100112c74: 92 10 20 00 clr %o1
; skip to the LWLockRelease at 100112e6c when the third argument is <= 0
100112c78: 80 a7 20 00 cmp %i4, 0
100112c7c: 04 40 00 7c ble,pn %icc, 0x100112e6c
100112c80: 90 07 3f ff add %i4, -1, %o0
; %l0 = the saved second argument (the offset)
100112c84: e0 03 a8 af ld [ %sp + 0x8af ], %l0
; --- start of the division sequence modelled by offset2page() ---
; %i5 = 0x5fc3e800 ^ -375 = 0xFFFFFFFFA03C1689 (multiplier constant)
100112c88: 37 17 f0 fa sethi %hi(0x5fc3e800), %i3
100112c8c: 86 10 3f ff mov -1, %g3
100112c90: ba 1e fe 89 xor %i3, -375, %i5
100112c94: d0 23 a8 b7 st %o0, [ %sp + 0x8b7 ]
; 0x664 = 1636, the divisor quoted in the message
100112c98: a2 10 26 64 mov 0x664, %l1
100112c9c: c0 23 a8 b3 clr [ %sp + 0x8b3 ]
100112ca0: 37 10 1e 0b sethi %hi(0x40782c00), %i3
; sra (not srl): the offset is sign-extended, i.e. treated as signed
100112ca4: b9 3c 20 00 sra %l0, 0, %i4
100112ca8: ac 4f 00 1d mulx %i4, %i5, %l6
; upper 32 bits of the product
100112cac: 95 35 b0 20 srlx %l6, 0x20, %o2
100112cb0: ba 10 26 63 mov 0x663, %i5
100112cb4: 98 04 00 0a add %l0, %o2, %o4
100112cb8: b8 10 20 01 mov 1, %i4
; arithmetic shifts: quotient shift by 10, and sign of the offset (0 or -1)
100112cbc: 93 3b 20 0a sra %o4, 0xa, %o1
100112cc0: 97 3c 20 1f sra %l0, 0x1f, %o3
; %l6 = quotient; negative when the offset has bit 31 set
100112cc4: ac 22 40 0b sub %o1, %o3, %l6
; --- end of the division sequence ---
; the shift/add chain below forms 1636 * %l6 in %l3 (17q, 51q, 408q, 409q,
; then << 2), and the sub leaves %l3 = %l0 - 1636 * %l6, the remainder
100112cc8: 89 2d a0 04 sll %l6, 4, %g4
100112ccc: 82 01 00 16 add %g4, %l6, %g1
100112cd0: b1 28 60 02 sll %g1, 2, %i0
100112cd4: 84 26 00 01 sub %i0, %g1, %g2
100112cd8: f0 03 a8 af ld [ %sp + 0x8af ], %i0
100112cdc: 9f 28 a0 03 sll %g2, 3, %o7
100112ce0: 90 05 80 0f add %l6, %o7, %o0
100112ce4: a7 2a 20 02 sll %o0, 2, %l3
100112ce8: a6 24 00 13 sub %l0, %l3, %l3
; loop head: the ble,a at 100112e64 branches back here
100112cec: 98 06 e1 11 add %i3, 0x111, %o4
100112cf0: 0b 14 07 82 sethi %hi(0x501e0800), %g5
100112cf4: 89 36 20 02 srl %i0, 2, %g4
100112cf8: ae 01 63 45 add %g5, 0x345, %l7
100112cfc: 97 33 20 00 srl %o4, 0, %o3
100112d00: 82 49 00 0b mulx %g4, %o3, %g1
100112d04: 9a 49 00 17 mulx %g4, %l7, %o5
100112d08: 91 30 70 20 srlx %g1, 0x20, %o0
100112d0c: 9e 21 00 08 sub %g4, %o0, %o7
100112d10: 8b 33 e0 01 srl %o7, 1, %g5
100112d14: ae 02 00 05 add %o0, %g5, %l7
100112d18: 95 33 70 20 srlx %o5, 0x20, %o2
100112d1c: 9b 35 e0 04 srl %l7, 4, %o5
100112d20: 85 32 a0 07 srl %o2, 7, %g2
100112d24: 94 0b 7f f0 and %o5, -16, %o2
100112d28: c4 23 a8 bf st %g2, [ %sp + 0x8bf ]
100112d2c: 9f 35 e0 08 srl %l7, 8, %o7
100112d30: 80 a0 80 03 cmp %g2, %g3
100112d34: 96 02 80 0f add %o2, %o7, %o3
100112d38: 99 2a e0 02 sll %o3, 2, %o4
100112d3c: 92 23 00 0b sub %o4, %o3, %o1
100112d40: 96 0e 20 03 and %i0, 3, %o3
100112d44: 83 2a 60 03 sll %o1, 3, %g1
100112d48: 90 03 c0 01 add %o7, %g1, %o0
100112d4c: 8a 21 00 08 sub %g4, %o0, %g5
100112d50: 89 29 60 02 sll %g5, 2, %g4
100112d54: ae 01 00 05 add %g4, %g5, %l7
100112d58: af 2d e0 02 sll %l7, 2, %l7
100112d5c: b1 32 e0 00 srl %o3, 0, %i0
100112d60: 94 05 e0 04 add %l7, 4, %o2
100112d64: 9b 2e 20 02 sll %i0, 2, %o5
100112d68: 98 02 80 0d add %o2, %o5, %o4
100112d6c: 89 2a e0 03 sll %o3, 3, %g4
100112d70: c8 23 a8 bb st %g4, [ %sp + 0x8bb ]
100112d74: b1 3b 20 00 sra %o4, 0, %i0
100112d78: 02 40 00 0a be,pn %icc, 0x100112da0
100112d7c: af 3d e0 00 sra %l7, 0, %l7
100112d80: 90 06 bf a8 add %i2, -88, %o0
; the quotient in %l6 is sign-extended and passed as the page argument
; to SimpleLruReadPage, so a negative quotient reaches the SLRU layer
100112d84: 93 3d a0 00 sra %l6, 0, %o1
100112d88: 97 34 a0 00 srl %l2, 0, %o3
100112d8c: 7f ff f6 65 call 0x100110720 ; SimpleLruReadPage
100112d90: 94 10 20 01 mov 1, %o2
100112d94: ab 3a 20 00 sra %o0, 0, %l5
100112d98: c6 03 a8 bf ld [ %sp + 0x8bf ], %g3
100112d9c: a9 2d 70 03 sllx %l5, 3, %l4
100112da0: d2 5e bf a8 ldx [ %i2 + -88 ], %o1
100112da4: 89 3e 20 00 sra %i0, 0, %g4
100112da8: 98 10 20 ff mov 0xff, %o4
100112dac: f0 06 60 00 ld [ %i1 ], %i0
100112db0: a6 04 e0 01 inc %l3
100112db4: ca 5a 60 08 ldx [ %o1 + 8 ], %g5
100112db8: c1 6e 61 00 prefetch [ %i1 + 0x100 ], #n_reads
100112dbc: c4 59 40 14 ldx [ %g5 + %l4 ], %g2
100112dc0: f0 20 80 04 st %i0, [ %g2 + %g4 ]
100112dc4: de 5e bf a8 ldx [ %i2 + -88 ], %o7
100112dc8: ca 06 60 04 ld [ %i1 + 4 ], %g5
100112dcc: b2 06 60 08 add %i1, 8, %i1
100112dd0: d0 5b e0 08 ldx [ %o7 + 8 ], %o0
100112dd4: de 03 a8 bb ld [ %sp + 0x8bb ], %o7
100112dd8: da 5a 00 14 ldx [ %o0 + %l4 ], %o5
100112ddc: d2 03 40 17 ld [ %o5 + %l7 ], %o1
100112de0: 97 2b 00 0f sll %o4, %o7, %o3
100112de4: 94 3a e0 00 xnor %o3, 0, %o2
100112de8: b0 0a 40 0a and %o1, %o2, %i0
100112dec: 89 29 40 0f sll %g5, %o7, %g4
100112df0: 82 16 00 04 or %i0, %g4, %g1
100112df4: c2 23 40 17 st %g1, [ %o5 + %l7 ]
100112df8: de 5e bf a8 ldx [ %i2 + -88 ], %o7
100112dfc: d0 5b e0 18 ldx [ %o7 + 0x18 ], %o0
100112e00: f8 2a 00 15 stb %i4, [ %o0 + %l5 ]
100112e04: d8 03 a8 b3 ld [ %sp + 0x8b3 ], %o4
100112e08: ee 03 a8 af ld [ %sp + 0x8af ], %l7
100112e0c: 9a 05 e0 01 add %l7, 1, %o5
100112e10: da 23 a8 af st %o5, [ %sp + 0x8af ]
100112e14: 94 03 20 01 add %o4, 1, %o2
100112e18: d4 23 a8 b3 st %o2, [ %sp + 0x8b3 ]
100112e1c: ae 02 80 10 add %o2, %l0, %l7
100112e20: 9b 35 e0 1f srl %l7, 0x1f, %o5
100112e24: 98 1b 60 01 xor %o5, 1, %o4
100112e28: 96 20 00 0c neg %o4, %o3
100112e2c: 92 0a c0 1d and %o3, %i5, %o1
100112e30: 8a 02 60 01 add %o1, 1, %g5
100112e34: 88 1c c0 05 xor %l3, %g5, %g4
100112e38: b1 31 20 00 srl %g4, 0, %i0
100112e3c: 82 20 00 18 neg %i0, %g1
100112e40: d6 03 a8 b7 ld [ %sp + 0x8b7 ], %o3
100112e44: 85 30 70 3f srlx %g1, 0x3f, %g2
100112e48: 9e 18 a0 01 xor %g2, 1, %o7
100112e4c: ae 20 00 0f neg %o7, %l7
100112e50: 80 a2 80 0b cmp %o2, %o3
100112e54: 90 0d e0 01 and %l7, 1, %o0
100112e58: 9a 0d c0 11 and %l7, %l1, %o5
100112e5c: ac 05 80 08 add %l6, %o0, %l6
100112e60: a6 24 c0 0d sub %l3, %o5, %l3
100112e64: 24 4f ff a2 ble,a %icc, 0x100112cec
100112e68: f0 03 a8 af ld [ %sp + 0x8af ], %i0
100112e6c: b0 10 20 0f mov 0xf, %i0
100112e70: 40 08 1e aa call 0x10031a918 ; LWLockRelease
100112e74: 81 e8 00 00 restore
