Tom Lane [Fri, 5 Jul 2024 21:32:55 +0000 (17:32 -0400)]
Fix placement of "static".
Various buildfarm critters were complaining about
pgbench.c:304:1: warning: 'static' is not at beginning of declaration [-Wold-style-declaration]
Evidently a thinko in
720b0eaae.
Nathan Bossart [Fri, 5 Jul 2024 19:42:55 +0000 (14:42 -0500)]
Remove check hooks for GUCs that contribute to MaxBackends.
Each of max_connections, max_worker_processes,
autovacuum_max_workers, and max_wal_senders has a GUC check hook
that verifies the sum of those GUCs does not exceed a hard-coded
limit (see the comment for MAX_BACKENDS in postmaster.h). In
general, the hooks effectively guard against egregious
misconfigurations.
However, this approach has some problems. Since these check hooks
are called as each GUC is assigned its user-specified value, only
one of the hooks will be called with all the relevant GUCs set. If
one or more of the user-specified values are less than the initial
values of the GUCs' underlying variables, false positives can
occur.
Furthermore, the error message emitted when one of the check hooks
fails is not tremendously helpful. For example, the command
$ pg_ctl -D . start -o "-c max_connections=262100 -c max_wal_senders=10000"
fails with the following error:
FATAL: invalid value for parameter "max_wal_senders": 10000
Fortunately, there is an extra copy of this check in
InitializeMaxBackends() that we can rely on, so this commit removes
the aforementioned GUC check hooks in favor of that one. It also
enhances the error message to clearly show the values of the
relevant GUCs and the hard-coded limit their sum may not exceed.
The downside of this change is that server startup progresses
further before failing due to such misconfigurations (thus taking
longer), but these failures are expected to be rare, so we don't
anticipate any real harm in practice.
Reviewed-by: Tom Lane
Discussion: https://postgr.es/m/ZnMr2k-Nk5vj7T7H%40nathan
Tom Lane [Fri, 5 Jul 2024 18:14:42 +0000 (14:14 -0400)]
Improve PL/Tcl's method for choosing Tcl names of procedures.
Previously, the internal name of a PL/Tcl function was just
"__PLTcl_proc_NNNN", where NNNN is the function OID. That's pretty
unhelpful when reading an error report. Plus it prevents us from
testing the CONTEXT output for PL/Tcl errors, since the OIDs shown
in the regression tests wouldn't be stable.
Instead, base the internal name on the result of format_procedure(),
which will be unique in most cases. For the edge cases where it's
not, we can append the function OID to make it unique.
Sadly, the pltcl_trigger.sql test script still has to suppress the
context reports, because they'd include trigger arguments which
contain relation OIDs per PL/Tcl's longstanding API for triggers.
I had to modify one existing test case to throw a different error
than before, because I found that Tcl 8.5 and Tcl 8.6 spell the
context message for the original error slightly differently.
We might have to make more adjustments in that vein once this
gets wider testing.
Patch by me; thanks to Pavel Stehule for the idea to use
format_procedure() rather than just the proname.
Discussion: https://postgr.es/m/890581.
1717609350@sss.pgh.pa.us
Tom Lane [Fri, 5 Jul 2024 17:12:34 +0000 (13:12 -0400)]
Doc: minor improvements for our "Brief History" chapter.
Add a link to Joe Hellerstein's paper "Looking Back at Postgres",
which is quite an interesting take on the history of Postgres.
The reference to Appendix E was written when we were still keeping
the entire release-note history there, which we stopped doing some
years ago when the O(N^2) cost of that started to become apparent.
Instead, point to the release note archives on the website.
(This per suggestion from Daniel Gustafsson.)
In passing, move the "ports12" biblioentry to be in alphabetical
order within that section.
Discussion: https://postgr.es/m/
3345678.
1720071633@sss.pgh.pa.us
Michael Paquier [Fri, 5 Jul 2024 08:41:49 +0000 (17:41 +0900)]
Support loading of injection points
This can be used to load an injection point and prewarm the
backend-level cache before running it, to avoid issues if the point
cannot be loaded due to restrictions in the code path where it would be
run, like a critical section where no memory allocation can happen
(load_external_function() can do allocations when expanding a library
name).
Tests can use a macro called INJECTION_POINT_LOAD() to load an injection
point. The test module injection_points gains some tests, and a SQL
function able to load an injection point.
Based on a request from Andrey Borodin, who has implemented a test for
multixacts requiring this facility.
Reviewed-by: Andrey Borodin
Discussion: https://postgr.es/m/
[email protected]
Heikki Linnakangas [Fri, 5 Jul 2024 08:21:46 +0000 (11:21 +0300)]
Lift limitation that PGPROC->links must be the first field
Since commit
5764f611e1, we've been using the ilist.h functions for
handling the linked list. There's no need for 'links' to be the first
element of the struct anymore, except for one call in InitProcess
where we used a straight cast from the 'dlist_node *' to PGPROC *,
without the dlist_container() macro. That was just an oversight in
commit
5764f611e1, fix it.
There no imminent need to move 'links' from being the first field, but
let's be tidy.
Reviewed-by: Aleksander Alekseev, Andres Freund
Discussion: https://www.postgresql.org/message-id/
22aa749e-cc1a-424a-b455-
21325473a794@iki.fi
David Rowley [Fri, 5 Jul 2024 05:51:27 +0000 (17:51 +1200)]
Improve memory management and performance of tuplestore.c
Here we make tuplestore.c use a generation.c memory context rather than
allocating tuples into the CurrentMemoryContext, which primarily is the
ExecutorState or PortalHoldContext memory context. Not having a
dedicated context can cause the CurrentMemoryContext context to become
bloated when pfree'd chunks are not reused by future tuples. Using
generation speeds up users of tuplestore.c, such as the Materialize,
WindowAgg and CTE Scan executor nodes. The main reason for the speedup is
due to generation.c being more memory efficient than aset.c memory
contexts. Specifically, generation does not round sizes up to the next
power of 2 value. This both saves memory, allowing more tuples to fit in
work_mem, but also makes the memory usage more compact and fit on fewer
cachelines. One benchmark showed up to a 22% performance increase in a
query containing a Materialize node. Much higher gains are possible if
the memory reduction prevents tuplestore.c from spilling to disk. This is
especially true for WindowAgg nodes where improvements of several thousand
times are possible if the memory reductions made here prevent tuplestore
from spilling to disk.
Additionally, a generation.c memory context is much better suited for this
job as it works well with FIFO palloc/pfree patterns, which is exactly how
tuplestore.c uses it. Because of the way generation.c allocates memory,
tuples consecutively stored in tuplestores are much more likely to be
stored consecutively in memory. This allows the CPU's hardware prefetcher
to work more efficiently as it provides a more predictable pattern to
allow cachelines for the next tuple to be loaded from RAM in advance of
them being needed by the executor.
Using a dedicated memory context for storing tuples also allows us to more
efficiently clean up the memory used by the tuplestore as we can reset or
delete the context rather than looping over all stored tuples and
pfree'ing them one by one.
Also, remove a badly placed USEMEM call in readtup_heap(). The tuple
wasn't being allocated in the Tuplestorestate's context, so no need to
adjust the memory consumed by the tuplestore there.
Author: David Rowley
Reviewed-by: Matthias van de Meent, Dmitry Dolgov
Discussion: https://postgr.es/m/CAApHDvp5Py9g4Rjq7_inL3-MCK1Co2CRt_YWFwTU2zfQix0p4A@mail.gmail.com
David Rowley [Fri, 5 Jul 2024 04:56:16 +0000 (16:56 +1200)]
Fix newly introduced issue in EXPLAIN for Materialize nodes
The code added in
1eff8279d was lacking a check to see if the tuplestore
had been created. In nodeMaterial.c this is done by ExecMaterial() rather
than by ExecInitMaterial(), so the tuplestore won't be created unless
the node has been executed at least once, as demonstrated by Alexander
in his report.
Here we skip showing any of the new EXPLAIN ANALYZE information when the
Materialize node has not been executed.
Reported-by: Alexander Lakhin
Discussion: https://postgr.es/m/
fe7fc8fb-86e5-ecb0-3cb2-
dd2c9a6c482f@gmail.com
Thomas Munro [Fri, 5 Jul 2024 03:25:31 +0000 (15:25 +1200)]
Add simple codepoint redirections to unaccent.rules.
Previously we searched for code points where the Unicode data file
listed an equivalent combining character sequence that added accents.
Some codepoints redirect to a single other codepoint, instead of doing
any combining. We can follow those references recursively to get the
answer.
Per bug report #18362, which reported missing Ancient Greek characters.
Specifically, precomposed characters with oxia (from the polytonic
accent system used for old Greek) just point to precomposed characters
with tonos (from the monotonic accent system for modern Greek), and we
have to follow the extra hop to find out that they are composed with
an acute accent.
Besides those, the new rule also:
* pulls in a lot of 'Mathematical Alphanumeric Symbols', which are
copies of the Latin and Greek alphabets and numbers rendered
in different typefaces, and
* corrects a single mathematical letter that previously came from the
CLDR transliteration file, but the new rule extracts from the main
Unicode database file, where clearly the latter is right and the
former is a wrong (reported to CLDR).
Reported-by: Cees van Zeeland <[email protected]>
Reviewed-by: Robert Haas <[email protected]>
Reviewed-by: Peter Eisentraut <[email protected]>
Reviewed-by: Michael Paquier <[email protected]>
Discussion: https://postgr.es/m/18362-
be6d0cfe122b6354%40postgresql.org
David Rowley [Fri, 5 Jul 2024 02:05:08 +0000 (14:05 +1200)]
Add memory/disk usage for Material nodes in EXPLAIN
Up until now, there was no ability to easily determine if a Material
node caused the underlying tuplestore to spill to disk or even see how
much memory the tuplestore used if it didn't.
Here we add some new functions to tuplestore.c to query this information
and add some additional output in EXPLAIN ANALYZE to display this
information for the Material node.
There are a few other executor node types that use tuplestores, so we
could also consider adding these details to the EXPLAIN ANALYZE for
those nodes too. Let's consider those independently from this. Having
the tuplestore.c infrastructure in to allow that is step 1.
Author: David Rowley
Reviewed-by: Matthias van de Meent, Dmitry Dolgov
Discussion: https://postgr.es/m/CAApHDvp5Py9g4Rjq7_inL3-MCK1Co2CRt_YWFwTU2zfQix0p4A@mail.gmail.com
Richard Guo [Fri, 5 Jul 2024 00:26:48 +0000 (09:26 +0900)]
Support "Right Semi Join" plan shapes
Hash joins can support semijoin with the LHS input on the right, using
the existing logic for inner join, combined with the assurance that only
the first match for each inner tuple is considered, which can be
achieved by leveraging the HEAP_TUPLE_HAS_MATCH flag. This can be very
useful in some cases since we may now have the option to hash the
smaller table instead of the larger.
Merge join could likely support "Right Semi Join" too. However, the
benefit of swapping inputs tends to be small here, so we do not address
that in this patch.
Note that this patch also modifies a test query in join.sql to ensure it
continues testing as intended. With this patch the original query would
result in a right-semi-join rather than semi-join, compromising its
original purpose of testing the fix for neqjoinsel's behavior for
semi-joins.
Author: Richard Guo
Reviewed-by: wenhui qiu, Alena Rybakina, Japin Li
Discussion: https://postgr.es/m/CAMbWs4_X1mN=ic+SxcyymUqFx9bB8pqSLTGJ-F=MHy4PW3eRXw@mail.gmail.com
Tom Lane [Thu, 4 Jul 2024 17:23:32 +0000 (13:23 -0400)]
Doc: small improvements in discussion of geometric data types.
State explicitly that the coordinates in our geometric data types are
float8. Also explain that polygons store their bounding box.
While here, fix the table of geometric data types to show type
"line"'s size correctly: it's 24 bytes not 32. This has somehow
escaped notice since that table was made in 1998.
Per suggestion from Sebastian Skałacki. The size error seems
important enough to justify back-patching.
Discussion: https://postgr.es/m/
172000045661.706.
1822177575291548794@wrigleys.postgresql.org
Alvaro Herrera [Thu, 4 Jul 2024 11:57:47 +0000 (13:57 +0200)]
Fix copy/paste mistake in comment
Backpatch to 17
Author: Yugo NAGATA <
[email protected]>
Discussion: https://postgr.es/m/
20240704134638.
355ad44a445fa1e764a220cd@sranhm.sraoss.co.jp
Alvaro Herrera [Thu, 4 Jul 2024 11:25:31 +0000 (13:25 +0200)]
Remove bogus assertion in pg_atomic_monotonic_advance_u64
This code wanted to ensure that the 'exchange' variable passed to
pg_atomic_compare_exchange_u64 has correct alignment, but apparently
platforms don't actually require anything that doesn't come naturally.
While messing with pg_atomic_monotonic_advance_u64: instead of using
Max() to determine the value to return, just use
pg_atomic_compare_exchange_u64()'s return value to decide; also, use
pg_atomic_compare_exchange_u64 instead of the _impl version; also remove
the unnecessary underscore at the end of variable name "target".
Backpatch to 17, where this code was introduced by commit
bf3ff7bf83bc.
Reported-by: Alexander Lakhin <[email protected]>
Discussion: https://postgr.es/m/
36796438-a718-cf9b-2071-
b2c1b947c1b5@gmail.com
Daniel Gustafsson [Thu, 4 Jul 2024 09:38:37 +0000 (11:38 +0200)]
doc: Specify when ssl_prefer_server_ciphers was added
The ssl_prefer_server_ciphers setting is quite important from a
security point of view, so simply stating that older versions
doesn't have it isn't very helpful. This adds the version when
the GUC was added to help readers.
Backpatch to all supported versions since this setting has been
around since 9.4.
Reviewed-by: Peter Eisentraut <[email protected]>
Reviewed-by: Tom Lane <[email protected]>
Discussion: https://postgr.es/m/
5D7E0F5E-E620-4D54-8788-
66D421AC76F0@yesql.se
Backpatch-through: v12
Michael Paquier [Thu, 4 Jul 2024 08:09:06 +0000 (17:09 +0900)]
Add pg_get_acl() to get the ACL for a database object
This function returns the ACL for a database object, specified by
catalog OID and object OID. This is useful to be able to
retrieve the ACL associated to an object specified with a
(class_id,objid) couple, similarly to the other functions for object
identification, when joined with pg_depend or pg_shdepend.
Original idea by Álvaro Herrera.
Bump catalog version.
Author: Joel Jacobson
Reviewed-by: Isaac Morland, Michael Paquier, Ranier Vilela
Discussion: https://postgr.es/m/
80b16434-b9b1-4c3d-8f28-
569f21c2c102@app.fastmail.com
Amit Langote [Fri, 28 Jun 2024 06:09:59 +0000 (15:09 +0900)]
SQL/JSON: Fix some obsolete comments.
JSON_OBJECT(), JSON_OBJETAGG(), JSON_ARRAY(), and JSON_ARRAYAGG()
added in
7081ac46ace are not transformed into direct calls to
user-defined functions as the comments claim. Fix by mentioning
instead that they are transformed into JsonConstructorExpr nodes,
which may call them, for example, for the *AGG() functions.
Reported-by: Alexander Lakhin <[email protected]>
Discussion: https://postgr.es/m/
058c856a-e090-ac42-ff00-
ffe394f52a87%40gmail.com
Backpatch-through: 16
Michael Paquier [Thu, 4 Jul 2024 00:48:40 +0000 (09:48 +0900)]
Assign error codes where missing for user-facing failures
All the errors triggered in the code paths patched here would cause the
backend to issue an internal_error errcode, which is a state that should
be used only for "can't happen" situations. However, these code paths
are reachable by the regression tests, and could be seen by users in
valid cases. Some regression tests expect internal errcodes as they
manipulate the backend state to cause corruption (like checksums), or
use elog() because it is more convenient (like injection points), these
have no need to change.
This reduces the number of internal failures triggered in a check-world
by more than half, while providing correct errcodes for these valid
cases.
Reviewed-by: Robert Haas
Discussion: https://postgr.es/m/
[email protected]
Alexander Korotkov [Wed, 3 Jul 2024 23:05:37 +0000 (02:05 +0300)]
Optimize memory access in GetRunningTransactionData()
e85662df44 made GetRunningTransactionData() calculate the oldest running
transaction id within the current database. This commit optimized this
calculation by performing a cheap transaction id comparison before fetching
the process database id, while the latter could cause extra cache misses.
Reported-by: Noah Misch
Discussion: https://postgr.es/m/
20240630231816.bf.nmisch%40google.com
Alexander Korotkov [Wed, 3 Jul 2024 23:05:27 +0000 (02:05 +0300)]
Fix typo in GetRunningTransactionData()
e85662df44 made GetRunningTransactionData() calculate the oldest running
transaction id within the current database. However, because of the typo,
the new code uses oldestRunningXid instead of oldestDatabaseRunningXid
in comparison before updating oldestDatabaseRunningXid. This commit fixes
that issue.
Reported-by: Noah Misch
Discussion: https://postgr.es/m/
20240630231816.bf.nmisch%40google.com
Backpatch-through: 17
David Rowley [Wed, 3 Jul 2024 21:44:34 +0000 (09:44 +1200)]
Remove incorrect Asserts in buffile.c
Both BufFileSize() and BufFileAppend() contained Asserts to ensure the
given BufFile(s) had a valid fileset. A valid fileset isn't required in
either of these functions, so remove the Asserts and adjust the
comments accordingly.
This was noticed while work was being done on a new patch to call
BufFileSize() on a BufFile without a valid fileset. It seems there's
currently no code in the tree which could trigger these Asserts, so no
need to backpatch this, for now.
Reviewed-by: Peter Geoghegan, Matthias van de Meent, Tom Lane
Discussion: https://postgr.es/m/CAApHDvofgZT0VzydhyGH5MMb-XZzNDqqAbzf1eBZV5HDm3%2BosQ%40mail.gmail.com
Nathan Bossart [Wed, 3 Jul 2024 19:21:50 +0000 (14:21 -0500)]
Improve performance of binary_upgrade_set_pg_class_oids().
This function generates the commands that preserve the OIDs and
relfilenodes of relations during pg_upgrade. It is called once per
relevant relation, and each such call executes a relatively
expensive query to retrieve information for a single pg_class_oid.
This can cause pg_dump to take significantly longer when
--binary-upgrade is specified, especially when there are many
tables.
This commit improves the performance of this function by gathering
all the required pg_class information with a single query at the
beginning of pg_dump. This information is stored in a sorted array
that binary_upgrade_set_pg_class_oids() can bsearch() for what it
needs. This follows a similar approach as commit
d5e8930f50, which
introduced a sorted array for role information.
With this patch, 'pg_dump --binary-upgrade' will use more memory,
but that isn't expected to be too egregious. Per the mailing list
discussion, folks feel that this is worth the trade-off.
Reviewed-by: Corey Huinker, Michael Paquier, Daniel Gustafsson
Discussion: https://postgr.es/m/
20240418041712.GA3441570%40nathanxps13
Nathan Bossart [Wed, 3 Jul 2024 15:58:26 +0000 (10:58 -0500)]
Remove is_index parameter from binary_upgrade_set_pg_class_oids().
Since commit
9a974cbcba, this function retrieves the relkind before
it needs to know whether the relation is an index, so we no longer
need callers to provide this information.
Suggested-by: Daniel Gustafsson
Reviewed-by: Daniel Gustafsson
Discussion: https://postgr.es/m/
20240418041712.GA3441570%40nathanxps13
Heikki Linnakangas [Wed, 3 Jul 2024 12:58:14 +0000 (15:58 +0300)]
Avoid 0-length memcpy to NULL with EXEC_BACKEND
memcpy(NULL, src, 0) is forbidden by POSIX, even though every
production version of libc allows it. Let's be tidy.
Per report from Thomas Munro, running UBSan with EXEC_BACKEND.
Backpatch to v17, where this code was added.
Discussion: https://www.postgresql.org/message-id/CA%2BhUKG%2Be-dV7YWBzfBZXsgovgRuX5VmvmOT%
[email protected]
Heikki Linnakangas [Wed, 3 Jul 2024 12:53:30 +0000 (15:53 +0300)]
Tighten check for --forkchild argument when spawning child process
Commit
aafc05de1b removed all the other --fork* arguments. Altough
this is inconsequential, backpatch to v17 since this is new.
Author: Nathan Bossart
Discussion: https://www.postgresql.org/message-id/ZnCCEN0l3qWv-XpW@nathan
Amit Kapila [Wed, 3 Jul 2024 09:34:59 +0000 (15:04 +0530)]
Fix the testcase introduced in commit
81d20fbf7a.
The failed test was syncing failover replication slot to standby to test
that we remove such slots after the standby is converted to subscriber by
pg_createsubscriber.
In one of the buildfarm members, the sync of the slot failed because the
LSN on the standby was before the syncslot's LSN. We need to wait for
standby to catch up before trying to sync the slot with
pg_sync_replication_slots().
The other buildfarm failed because autovacuum generated a xid which is
replicated to the standby at some random point making slots at primary
lag behind standby during slot sync.
Both these failures wouldn't have occurred if we had used built-in
slotsync worker as it would have waited for the standby to sync with
primary but for this test, it is sufficient to use
pg_sync_replication_slots().
Reported-by: Alexander Lakhin as per buildfarm
Author: Kuroda Hayato
Reviewed-by: Amit Kapila
Backpatch-through: 17
Discussion: https://postgr.es/m/
0dffca12-bf17-4a7a-334d-
225569de5e6e@gmail.com
Discussion: https://postgr.es/m/OSBPR01MB25528300C71FDD83EA1DCA12F5DD2@OSBPR01MB2552.jpnprd01.prod.outlook.com
Michael Paquier [Wed, 3 Jul 2024 04:09:20 +0000 (13:09 +0900)]
Replace hardcoded identifiers of pgstats file by #defines
This changes pgstat.c so as the three types of entries that can exist in
a pgstats file are not hardcoded anymore, replacing them with
descriptively-named macros, when reading and writing stats files:
- 'N' for named entries, like replication slot stats.
- 'S' for entries identified by a hash.
- 'E' for the end-of-file
This has come up while working on making this area of the code more
pluggable. The format of the stats file is unchanged, hence there is no
need to bump PGSTAT_FILE_FORMAT_ID.
Reviewed-by: Bertrand Drouvot
Discussion: https://postgr.es/m/
[email protected]
Michael Paquier [Wed, 3 Jul 2024 03:43:57 +0000 (12:43 +0900)]
Clean up more unused variables in perl code
This is a continuation of
0c1aca461481, with some cleanup in:
- msvc_gendef.pl
- pgindent
- 005_negotiate_encryption.pl, as of an oversight of
d39a49c1e459 that
has removed %params in test_matrix(), making also $server_config
useless.
Author: Dagfinn Ilmari Mannsåker
Discussion: https://postgr.es/m/
[email protected]
Nathan Bossart [Tue, 2 Jul 2024 18:03:58 +0000 (13:03 -0500)]
Add CODE_OF_CONDUCT.md, CONTRIBUTING.md, and SECURITY.md.
These "community health files" provide important information about
the project and will be displayed prominently on the PostgreSQL
GitHub mirror. For now, they just point to the website, but we may
want to expand on the content in the future.
Reviewed-by: Peter Eisentraut, Alvaro Herrera, Tom Lane
Discussion: https://postgr.es/m/
20240417023609.GA3228660%40nathanxps13
Heikki Linnakangas [Tue, 2 Jul 2024 17:14:40 +0000 (20:14 +0300)]
Remove redundant SetProcessingMode(InitProcessing) calls
After several refactoring iterations, auxiliary processes are no
longer initialized from the bootstrapper. Using the InitProcessing
mode for initializing auxiliary processes is more appropriate. Since
the global variable Mode is initialized to InitProcessing, we can just
remove the redundant calls of SetProcessingMode(InitProcessing).
Author: Xing Guo <
[email protected]>
Discussion: https://www.postgresql.org/message-id/CACpMh%2BDBHVT4xPGimzvex%3DwMdMLQEu9PYhT%2BkwwD2x2nu9dU_Q%40mail.gmail.com
Heikki Linnakangas [Tue, 2 Jul 2024 17:12:05 +0000 (20:12 +0300)]
Move bgworker specific logic to bgworker.c
For clarity, we've been slowly moving functions that are not called
from the postmaster process out of postmaster.c.
Author: Xing Guo <
[email protected]>
Discussion: https://www.postgresql.org/message-id/CACpMh%2BDBHVT4xPGimzvex%3DwMdMLQEu9PYhT%2BkwwD2x2nu9dU_Q%40mail.gmail.com
Nathan Bossart [Tue, 2 Jul 2024 16:22:06 +0000 (11:22 -0500)]
pg_dump: Remove some unused return values.
getSchemaData() does not use the return values of many of its get*
helper functions because they store the data elsewhere. For
example, commit
92316a4582 introduced a separate hash table for
dumpable objects that said helper functions populate. This commit
changes these functions to return void and removes their "int *"
parameters that returned the number of objects found.
Reviewed-by: Neil Conway, Tom Lane, Daniel Gustafsson
Discussion: https://postgr.es/m/ZmCAtVaOrHpf31PJ%40nathan
Daniel Gustafsson [Tue, 2 Jul 2024 09:16:56 +0000 (11:16 +0200)]
Use safe string copy routine
Using memcpy with strlen as the size parameter will not take the
NULL terminator into account, relying instead on the destination
buffer being properly initialized. Replace with strlcpy which is
a safer alternative, and more in line with how we handle copying
strings elsewhere.
Author: Ranier Vilela <
[email protected]>
Discussion: https://postgr.es/m/CAEudQApAsbLsQ+gGiw-hT+JwGhgogFa_=5NUkgFO6kOPxyNidQ@mail.gmail.com
Peter Eisentraut [Tue, 2 Jul 2024 08:43:12 +0000 (10:43 +0200)]
Remove too demanding test
Remove the test from commit
9c2e660b07. This test ends up allocating
quite a bit of memory, which can make the test fail with out of memory
errors on some build farm machines.
Peter Eisentraut [Tue, 2 Jul 2024 07:24:04 +0000 (09:24 +0200)]
Limit max parameter number with MaxAllocSize
MaxAllocSize puts an upper bound on the largest possible parameter
number ($
268435455). Use that limit instead of INT_MAX to report that
no parameters exist beyond that point instead of reporting an error
about the maximum allocation size being exceeded.
Author: Erik Wienhold <
[email protected]>
Discussion: https://www.postgresql.org/message-id/flat/
5d216d1c-91f6-4cbe-95e2-
b4cbd930520c@ewie.name
Peter Eisentraut [Tue, 2 Jul 2024 07:16:36 +0000 (09:16 +0200)]
Fix overflow in parsing of positional parameter
Replace atol with pg_strtoint32_safe in the backend parser and with
strtoint in ECPG to reject overflows when parsing the number of a
positional parameter. With atol from glibc, parameters $
2147483648 and
$
4294967297 turn into $-
2147483648 and $1, respectively.
Author: Erik Wienhold <
[email protected]>
Reviewed-by: Michael Paquier <[email protected]>
Reviewed-by: Peter Eisentraut <[email protected]>
Reviewed-by: Alexander Lakhin <[email protected]>
Discussion: https://www.postgresql.org/message-id/flat/
5d216d1c-91f6-4cbe-95e2-
b4cbd930520c@ewie.name
Amit Kapila [Tue, 2 Jul 2024 06:06:21 +0000 (11:36 +0530)]
Drop pre-existing subscriptions from the converted subscriber.
We don't need the pre-existing subscriptions on the newly formed
subscriber by using pg_createsubscriber. The apply workers corresponding
to these subscriptions can connect to other publisher nodes and either get
some unwarranted data or can lead to ERRORs in connecting to such nodes.
Author: Kuroda Hayato
Reviewed-by: Amit Kapila, Shlok Kyal, Vignesh C
Backpatch-through: 17
Discussion: https://postgr.es/m/OSBPR01MB25526A30A1FBF863ACCDDA3AF5C92@OSBPR01MB2552.jpnprd01.prod.outlook.com
Peter Eisentraut [Tue, 2 Jul 2024 04:55:56 +0000 (06:55 +0200)]
Improve some global variable declarations
We have in launch_backend.c:
/*
* The following need to be available to the save/restore_backend_variables
* functions. They are marked NON_EXEC_STATIC in their home modules.
*/
extern slock_t *ShmemLock;
extern slock_t *ProcStructLock;
extern PGPROC *AuxiliaryProcs;
extern PMSignalData *PMSignalState;
extern pg_time_t first_syslogger_file_time;
extern struct bkend *ShmemBackendArray;
extern bool redirection_done;
That comment is not completely true: ShmemLock, ShmemBackendArray, and
redirection_done are not in fact NON_EXEC_STATIC. ShmemLock once was,
but was then needed elsewhere. ShmemBackendArray was static inside
postmaster.c before launch_backend.c was created. redirection_done
was never static.
This patch moves the declaration of ShmemLock and redirection_done to
a header file.
ShmemBackendArray gets a NON_EXEC_STATIC. This doesn't make a
difference, since it only exists if EXEC_BACKEND anyway, but it makes
it consistent.
After that, the comment is now correct.
Reviewed-by: Andres Freund <[email protected]>
Discussion: https://www.postgresql.org/message-id/flat/
e0a62134-83da-4ba4-8cdb-
ceb0111c95ce@eisentraut.org
Peter Eisentraut [Tue, 2 Jul 2024 04:53:48 +0000 (06:53 +0200)]
Add missing includes for some global variables
src/backend/libpq/pqcomm.c: "postmaster/postmaster.h" for Unix_socket_group, Unix_socket_permissions
src/backend/utils/init/globals.c: "postmaster/postmaster.h" for MyClientSocket
src/backend/utils/misc/guc_tables.c: "utils/rls.h" for row_security
src/backend/utils/sort/tuplesort.c: "utils/guc.h" for trace_sort
Nothing currently diagnoses missing includes for global variables, but
this is being cleaned up, and these ones had an obvious header file
available.
Reviewed-by: Andres Freund <[email protected]>
Discussion: https://www.postgresql.org/message-id/flat/
e0a62134-83da-4ba4-8cdb-
ceb0111c95ce@eisentraut.org
Peter Eisentraut [Tue, 2 Jul 2024 04:53:19 +0000 (06:53 +0200)]
Convert some extern variables to static
These probably should have been static all along, it was only
forgotten out of sloppiness.
Reviewed-by: Andres Freund <[email protected]>
Discussion: https://www.postgresql.org/message-id/flat/
e0a62134-83da-4ba4-8cdb-
ceb0111c95ce@eisentraut.org
Amit Kapila [Tue, 2 Jul 2024 04:58:51 +0000 (10:28 +0530)]
Remove unused structure member in pg_createsubscriber.c.
Author: Kuroda Hayato
Backpatch-through: 17
Discussion: https://postgr.es/m/OSBPR01MB25526A30A1FBF863ACCDDA3AF5C92@OSBPR01MB2552.jpnprd01.prod.outlook.com
David Rowley [Tue, 2 Jul 2024 01:41:47 +0000 (13:41 +1200)]
Use TupleDescAttr macro consistently
A few places were directly accessing the attrs[] array. This goes
against the standards set by
2cd708452. Fix that.
Discussion: https://postgr.es/m/CAApHDvrBztXP3yx=NKNmo3xwFAFhEdyPnvrDg3=M0RhDs+4vYw@mail.gmail.com
Michael Paquier [Tue, 2 Jul 2024 00:47:16 +0000 (09:47 +0900)]
Cleanup perl code from unused variables and routines
This commit removes unused variables and routines from some perl code
that have accumulated across the years. This touches the following
areas:
- Wait event generation script.
- AdjustUpgrade.pm.
- TAP perl code
Author: Alexander Lakhin
Reviewed-by: Dagfinn Ilmari Mannsåker
Discussion: https://postgr.es/m/
70b340bc-244a-589d-ef8b-
d8aebb707a84@gmail.com
Michael Paquier [Tue, 2 Jul 2024 00:01:38 +0000 (09:01 +0900)]
Add information about access method for partitioned relations in \dP+
Since
374c7a229042, it is possible to set a table AM on a partitioned
table. This information was showing up already in psql with \d+, while
\dP+ provided no information.
This commit extends \dP+ to show the access method used by a partitioned
table or index, if set.
Author: Justin Pryzby
Discussion: https://postgr.es/m/ZkyivySXnbvOogZz@pryzbyj2023
Tom Lane [Mon, 1 Jul 2024 17:55:52 +0000 (13:55 -0400)]
Remove support for HPPA (a/k/a PA-RISC) architecture.
This old CPU architecture hasn't been produced in decades, and
whatever instances might still survive are surely too underpowered
for anyone to consider running Postgres on in production. We'd
nonetheless continued to carry code support for it (largely at my
insistence), because its unique implementation of spinlocks seemed
like a good edge case for our spinlock infrastructure. However,
our last buildfarm animal of this type was retired last year, and
it seems quite unlikely that another will emerge. Without the ability
to run tests, the argument that this is useful test code fails to
hold water. Furthermore, carrying code support for an untestable
architecture has costs not to be ignored. So, remove HPPA-specific
code, in the same vein as commits
718aa43a4 and
92d70b77e.
Discussion: https://postgr.es/m/
3351991.
1697728588@sss.pgh.pa.us
Nathan Bossart [Mon, 1 Jul 2024 16:47:40 +0000 (11:47 -0500)]
Remove redundant privilege check from pg_sequences system view.
This commit adjusts pg_sequence_last_value() to return NULL instead
of ERROR-ing for sequences for which the current user lacks
privileges. This allows us to remove the call to
has_sequence_privilege() in the definition of the pg_sequences
system view.
Bumps catversion.
Suggested-by: Michael Paquier
Reviewed-by: Michael Paquier, Tom Lane
Discussion: https://postgr.es/m/
20240501005730.GA594666%40nathanxps13
Tom Lane [Mon, 1 Jul 2024 15:55:19 +0000 (11:55 -0400)]
Preserve CurrentMemoryContext across Start/CommitTransactionCommand.
Up to now, committing a transaction has caused CurrentMemoryContext to
get set to TopMemoryContext. Most callers did not pay any particular
heed to this, which is problematic because TopMemoryContext is a
long-lived context that never gets reset. If the caller assumes it
can leak memory because it's running in a limited-lifespan context,
that behavior translates into a session-lifespan memory leak.
The first-reported instance of this involved ProcessIncomingNotify,
which is called from the main processing loop that normally runs in
MessageContext. That outer-loop code assumes that whatever it
allocates will be cleaned up when we're done processing the current
client message --- but if we service a notify interrupt, then whatever
gets allocated before the next switch to MessageContext will be
permanently leaked in TopMemoryContext. sinval catchup interrupts
have a similar problem, and I strongly suspect that some places in
logical replication do too.
To fix this in a generic way, let's redefine the behavior as
"CommitTransactionCommand restores the memory context that was current
at entry to StartTransactionCommand". This clearly fixes the issue
for the notify and sinval cases, and it seems to match the mental
model that's in use in the logical replication code, to the extent
that anybody thought about it there at all.
For consistency, likewise make subtransaction exit restore the context
that was current at subtransaction start (rather than always selecting
the CurTransactionContext of the parent transaction level). This case
has less risk of resulting in a permanent leak than the outer-level
behavior has, but it would not meet the principle of least surprise
for some CommitTransactionCommand calls to restore the previous
context while others don't.
While we're here, also change xact.c so that we reset
TopTransactionContext at transaction exit and then re-use it in later
transactions, rather than dropping and recreating it in each cycle.
This probably doesn't save a lot given the context recycling mechanism
in aset.c, but it should save a little bit. Per suggestion from David
Rowley. (Parenthetically, the text in src/backend/utils/mmgr/README
implies that this is how I'd planned to implement it as far back as
commit
1aebc3618 --- but the code actually added in that commit just
drops and recreates it each time.)
This commit also cleans up a few places outside xact.c that were
needlessly making TopMemoryContext current, and thus risking more
leaks of the same kind. I don't think any of them represent
significant leak risks today, but let's deal with them while the
issue is top-of-mind.
Per bug #18512 from wizardbrony. Commit to HEAD only, as this change
seems to have some risk of breaking things for some callers. We'll
apply a narrower fix for the known-broken cases in the back branches.
Discussion: https://postgr.es/m/
3478884.
1718656625@sss.pgh.pa.us
Nathan Bossart [Mon, 1 Jul 2024 15:18:26 +0000 (10:18 -0500)]
Add --no-sync to pg_upgrade's uses of pg_dump and pg_dumpall.
There's no reason to ensure that the files pg_upgrade generates
with pg_dump and pg_dumpall have been written safely to disk. If
there is a crash during pg_upgrade, the upgrade must be restarted
from the beginning; dump files left behind by previous pg_upgrade
attempts cannot be reused.
Reviewed-by: Peter Eisentraut, Tom Lane, Michael Paquier, Daniel Gustafsson
Discussion: https://postgr.es/m/
20240503171348.GA1731524%40nathanxps13
Peter Eisentraut [Mon, 1 Jul 2024 14:40:25 +0000 (16:40 +0200)]
Remove useless extern keywords
An extern keyword on a function definition (not declaration) is
useless and not the normal style.
Discussion: https://www.postgresql.org/message-id/flat/
e0a62134-83da-4ba4-8cdb-
ceb0111c95ce@eisentraut.org
Alvaro Herrera [Mon, 1 Jul 2024 11:58:22 +0000 (13:58 +0200)]
Fix copy-paste mistake in PQcancelCreate
When an OOM occurred, this function was incorrectly setting a status of
CONNECTION_BAD on the passed in PGconn instead of on the newly created
PGcancelConn.
Mistake introduced with
61461a300c1c. Backpatch to 17.
Author: Jelte Fennema-Nio <
[email protected]>
Reported-by: Noah Misch <[email protected]>
Discussion: https://postgr.es/m/
20240630190040[email protected]
David Rowley [Mon, 1 Jul 2024 09:19:01 +0000 (21:19 +1200)]
Add context type field to pg_backend_memory_contexts
Since we now (as of v17) have 4 MemoryContext types, the type of context
seems like useful information to include in the pg_backend_memory_contexts
view. Here we add that.
Reviewed-by: David Christensen, Michael Paquier
Discussion: https://postgr.es/m/CAApHDvrXX1OR09Zjb5TnB0AwCKze9exZN%3D9Nxxg1ZCVV8W-3BA%40mail.gmail.com
Peter Eisentraut [Mon, 1 Jul 2024 06:50:29 +0000 (08:50 +0200)]
Remove useless code
BuildDescForRelation() goes out of its way to fill in
->constr->has_not_null, but that value is not used for anything later,
so this code can all be removed. Note that BuildDescForRelation()
doesn't make any effort to fill in the rest of ->constr, so there is
no claim that that structure is completely filled in.
Reviewed-by: Tomasz Rybak <[email protected]>
Discussion: https://www.postgresql.org/message-id/flat/
a368248e-69e4-40be-9c07-
6c3b5880b0a6@eisentraut.org
Peter Eisentraut [Mon, 1 Jul 2024 06:50:10 +0000 (08:50 +0200)]
Remove useless initializations
The struct is already initialized to all zeros right before this, and
randomly initializing a few but not all fields to zero again has no
technical or educational value.
Reviewed-by: Tomasz Rybak <[email protected]>
Discussion: https://www.postgresql.org/message-id/flat/
a368248e-69e4-40be-9c07-
6c3b5880b0a6@eisentraut.org
Peter Eisentraut [Mon, 1 Jul 2024 06:39:07 +0000 (08:39 +0200)]
doc: Clarify that pg_attrdef also stores generation expressions
This was documented with pg_attribute but not with pg_attrdef.
Reported-by: jian he <[email protected]>
Discussion: https://www.postgresql.org/message-id/CACJufxE+E-iYmBnZVZHiYA+WpyZZVv7BfiBLpo=T70EZHDU9rw@mail.gmail.com
Amit Kapila [Mon, 1 Jul 2024 06:06:56 +0000 (11:36 +0530)]
Rename standby_slot_names to synchronized_standby_slots.
The standby_slot_names GUC allows the specification of physical standby
slots that must be synchronized before the logical walsenders associated
with logical failover slots. However, for this purpose, the GUC name is
too generic.
Author: Hou Zhijie
Reviewed-by: Bertrand Drouvot, Masahiko Sawada
Backpatch-through: 17
Discussion: https://postgr.es/m/
[email protected]
Peter Eisentraut [Mon, 1 Jul 2024 05:30:38 +0000 (07:30 +0200)]
Apply COPT to CXXFLAGS as well
The main use of that make variable is to pass in -Werror. It makes
sense to apply this to C++ as well.
Reviewed-by: Tom Lane <[email protected]>
Reviewed-by: Andres Freund <[email protected]>
Discussion: https://www.postgresql.org/message-id/flat/
fe3e200c-edee-44e0-a6e3-
d45dca72873b%40eisentraut.org
Michael Paquier [Mon, 1 Jul 2024 05:26:25 +0000 (14:26 +0900)]
Use pgstat_kind_infos to read fixed shared statistics
Shared statistics with a fixed number of objects are read from the stats
file in pgstat_read_statsfile() using members of PgStat_ShmemControl and
following an order based on their PgStat_Kind value.
Instead of being explicit, this commit changes the stats read to iterate
over the pgstat_kind_infos array to find the memory locations to read
into, based on a new shared_ctl_off in PgStat_KindInfo that can be used
to define the position of this stats kind in shared memory. This makes
the read logic simpler, and eases the introduction of future
improvements aimed at making this area more pluggable for external
modules.
Original idea suggested by Andres Freund.
Author: Tristan Partin
Reviewed-by: Andres Freund, Michael Paquier
Discussion: https://postgr.es/m/
[email protected]
Tom Lane [Mon, 1 Jul 2024 03:20:57 +0000 (23:20 -0400)]
Further weaken new pg_createsubscriber test on Windows.
Also omit backslashes (\) in the generated database names on Windows.
As before, perhaps we can revert this after updating affected
buildfarm animals.
Discussion: https://postgr.es/m/
2509767.
1719773880@sss.pgh.pa.us
Michael Paquier [Mon, 1 Jul 2024 01:08:00 +0000 (10:08 +0900)]
Format better code for xact_decode()'s XLOG_XACT_INVALIDATIONS
This makes the code more consistent with the surroundings.
Author: ChangAo Chen
Reviewed-by: Ashutosh Bapat
Discussion: https://postgr.es/m/CAExHW5tNTevUh58SKddTtcX3yU_5_PDSC8Mdp-Q2hc9PpZHRJg@mail.gmail.com
Michael Paquier [Mon, 1 Jul 2024 00:55:37 +0000 (09:55 +0900)]
doc: Add ACL acronym for "Access Control List"
Five places across the docs use this abbreviation, so let's use a proper
acronym entry for it.
Per suggestion from me.
Author: Joel Jacobson
Reviewed-by: Nathan Bossart, David G. Johnston
Discussion: https://postgr.es/m/
9253b872-dbb1-42a6-a79e-
b1e96effc857@app.fastmail.com
Michael Paquier [Mon, 1 Jul 2024 00:35:36 +0000 (09:35 +0900)]
Remove PgStat_KindInfo.named_on_disk
This field is used to track if a stats kind can use a custom format
representation on disk when reading or writing its stats case. On HEAD,
this exists for replication slots stats, that need a mapping between an
internal index ID and the slot names.
named_on_disk is currently used nowhere and the callbacks
to_serialized_name and from_serialized_name are in charge of checking if
the serialization of the stats data should apply, so let's remove it.
Reviewed-by: Andres Freund
Discussion: https://postgr.es/m/
[email protected]
David Rowley [Mon, 1 Jul 2024 00:11:10 +0000 (12:11 +1200)]
Improve enlargeStringInfo's ERROR message
Until now, when an enlargeStringInfo() call would cause the StringInfo to
exceed its maximum size, we reported an "out of memory" error. This is
misleading as it's no such thing.
Here we remove the "out of memory" text and replace it with something
more relevant to better indicate that it's a program limitation that's
been reached.
Reported-by: Michael Banck
Reviewed-by: Daniel Gustafsson, Tom Lane
Discussion: https://postgr.es/m/18484-
3e357ade5fe50e61@postgresql.org
Michael Paquier [Sun, 30 Jun 2024 22:56:10 +0000 (07:56 +0900)]
Stamp HEAD as 18devel.
Let the hacking begin ...
Michael Paquier [Sun, 30 Jun 2024 22:35:01 +0000 (07:35 +0900)]
Run pgperltidy
This is required before the creation of a new branch. pgindent is
clean, as well as is reformat-dat-files.
perltidy version is v20230309, as documented in pgindent's README.
Tom Lane [Sun, 30 Jun 2024 21:33:06 +0000 (17:33 -0400)]
Temporarily(?) weaken new pg_createsubscriber test on Windows.
Don't include double-quotes (") in the generated database names
on Windows. Doing so tickles a bug in older versions of IPC::Run,
which fail to quote command line arguments correctly for that
platform. Possibly we can revert this after updating affected
buildfarm animals.
Discussion: https://postgr.es/m/
2509767.
1719773880@sss.pgh.pa.us
Tomas Vondra [Sun, 30 Jun 2024 17:26:12 +0000 (19:26 +0200)]
Add PG_TEST_PG_COMBINEBACKUP_MODE
Introduces an environment variable PG_TEST_PG_COMBINEBACKUP_MODE, that
determines copy mode used by pg_combinebackup in TAP tests. Defaults to
"--copy" but may be set to "--clone" or "--copy-file-range" to use the
alternative stategies.
Reported-by: Peter Eisentraut
Discussion: https://postgr.es/m/
48da4a1f-ccd9-4988-9622-
24f37b1de2b4%40eisentraut.org
Tomas Vondra [Sun, 30 Jun 2024 17:20:02 +0000 (19:20 +0200)]
Add pg_combinebackup --copy option
Introduces --copy as an alternative to --clone and --copy-file-range.
This option simply picks the default mode to copy files, as if none of
the options was specified. This makes pg_combinebackup options more
consistent with pg_upgrade, and it makes testing simpler.
Reported-by: Peter Eisentraut
Discussion: https://postgr.es/m/
48da4a1f-ccd9-4988-9622-
24f37b1de2b4%40eisentraut.org
Tomas Vondra [Sun, 30 Jun 2024 17:02:00 +0000 (19:02 +0200)]
Add headers needed by pg_combinebackup --clone
The code for file cloning existed, but was not reachable as it relied on
constants from missing headers. Due to that, on Linux --clone always
failed with
error: file cloning not supported on this platform
Fixed by including the missing headers to relevant places. Adding the
headers revealed a couple compile errors in copy_file_clone(), so fix
those too.
Reported-by: Peter Eisentraut
Discussion: https://postgr.es/m/
48da4a1f-ccd9-4988-9622-
24f37b1de2b4%40eisentraut.org
Tom Lane [Sun, 30 Jun 2024 18:24:14 +0000 (14:24 -0400)]
Make pg_createsubscriber warn if publisher has two-phase commit enabled.
pg_createsubscriber currently always sets up logical replication
with two-phase commit disabled. Improving that is not going to
happen for v17. In the meantime, document the deficiency, and
adjust pg_createsubscriber so that it will emit a warning if
the source installation has max_prepared_transactions > 0.
Hayato Kuroda (some mods by Amit Kapila and me), per complaint from
Noah Misch
Discussion: https://postgr.es/m/
20240623062157[email protected]
Tom Lane [Sun, 30 Jun 2024 17:45:24 +0000 (13:45 -0400)]
Make pg_createsubscriber more wary about quoting connection parameters.
The original coding here could fail with database names, user names,
etc that contain spaces or other special characters.
As partial test coverage, extend the 040_pg_createsubscriber.pl
test script so that it uses a generated database name containing
funny characters.
Hayato Kuroda (some mods by me), per complaint from Noah Misch
Discussion: https://postgr.es/m/
20240623062157[email protected]
Noah Misch [Fri, 28 Jun 2024 18:17:50 +0000 (11:17 -0700)]
Fix .gitignore for new injection suite.
Commit
c35f419d6efbdf1a050250d84b687e6705917711 missed this.
Noah Misch [Fri, 28 Jun 2024 16:33:40 +0000 (09:33 -0700)]
Remove configuration-dependent output from new inplace-inval test.
Per buildfarm members prion and trilobite. Back-patch to v12 (all
supported versions), like commit
0844b3968985447ed0a6937cfc8639e379da2fe6.
Strategy reviewed by Tom Lane.
Discussion: https://postgr.es/m/
20240628051353[email protected]
Robert Haas [Fri, 28 Jun 2024 14:45:51 +0000 (10:45 -0400)]
pgindent, because I forgot to do that.
Commit
065583cf460f980a182498941ac52810f709a897 should have
included these changes.
Amit Langote [Fri, 28 Jun 2024 12:58:13 +0000 (21:58 +0900)]
SQL/JSON: Always coerce JsonExpr result at runtime
Instead of looking up casts at parse time for converting the result
of JsonPath* query functions to the specified or the default
RETURNING type, always perform the conversion at runtime using either
the target type's input function or the function
json_populate_type().
There are two motivations for this change:
1. json_populate_type() coerces to types with typmod such that any
string values that exceed length limit cause an error instead of
silent truncation, which is necessary to be standard-conforming.
2. It was possible to end up with a cast expression that doesn't
support soft handling of errors causing bugs in the of handling
ON ERROR clause.
JsonExpr.coercion_expr which would store the cast expression is no
longer necessary, so remove.
Bump catversion because stored rules change because of the above
removal.
Reported-by: Alvaro Herrera <[email protected]>
Reviewed-by: Jian He <[email protected]>
Discussion: Discussion: https://postgr.es/m/
202405271326.5a5rprki64aw%40alvherre.pgsql
Amit Langote [Fri, 28 Jun 2024 12:37:14 +0000 (21:37 +0900)]
SQL/JSON: Fix coercion of constructor outputs to types with typmod
Ensure SQL/JSON constructor functions that allow specifying the
target type using the RETURNING clause perform implicit cast to
that type. This ensures that output values that exceed the specified
length produce an error rather than being silently truncated. This
behavior conforms to the SQL standard.
Reported-by: Alvaro Herrera <[email protected]>
Reviewed-by: Jian He <[email protected]>
Discussion: https://postgr.es/m/
202405271326.5a5rprki64aw%40alvherre.pgsql
Robert Haas [Tue, 25 Jun 2024 19:42:36 +0000 (15:42 -0400)]
Prevent summarizer hang when summarize_wal turned off and back on.
Before this commit, when the WAL summarizer started up or recovered
from an error, it would resume summarization from wherever it left
off. That was OK normally, but wrong if summarize_wal=off had been
turned off temporary, allowing some WAL to be removed, and then turned
back on again. In such cases, the WAL summarizer would simply hang
forever. This commit changes the reinitialization sequence for WAL
summarizer to rederive the starting position in the way we were
already doing at initial startup, fixing the problem.
Per report from Israel Barth Rubio. Reviewed by Tom Lane.
Discussion: http://postgr.es/m/CA+TgmoYN6x=YS+FoFOS6=nr6=qkXZFWhdiL7k0oatGwug2hcuA@mail.gmail.com
Amit Langote [Fri, 28 Jun 2024 04:59:57 +0000 (13:59 +0900)]
SQL/JSON: Validate values in ON ERROR/EMPTY clauses
Currently, the grammar allows any supported values in the ON ERROR
and ON EMPTY clauses for SQL/JSON functions, regardless of whether
the values are appropriate for the function. This commit ensures
that during parse analysis, the provided value is checked for
validity for the given function and throws a syntax error if it is
not.
While at it, this fixes some omissions in the documentation of the
ON ERROR/EMPTY clauses for JSON_TABLE().
Reported-by: Jian He <[email protected]>
Reviewed-by: Jian He <[email protected]>
Discussion: https://postgr.es/m/CACJufxFgWGqpESSYzyJ6tSurr3vFYBSNEmCfkGyB_dMdptFnZQ%40mail.gmail.com
Amit Langote [Fri, 28 Jun 2024 04:59:13 +0000 (13:59 +0900)]
SQL/JSON: Prevent ON EMPTY for EXISTS columns in JSON_TABLE()
Due to an oversight in
de3600452b61, the ON EMPTY clause was
incorrectly allowed in the EXISTS column. Fix the grammar to prevent
this.
Discussion: https://postgr.es/m/CA%2BHiwqHh3YDXTpccgAo4CdfV9Mhy%2Bmg%3Doh6t8rfM5uLW1BJN4g%40mail.gmail.com
Michael Paquier [Fri, 28 Jun 2024 04:41:39 +0000 (13:41 +0900)]
Update modules/injection_points/.gitignore
Thinko in
c35f419d6efb, where an isolation test has been added to the
module.
Michael Paquier [Fri, 28 Jun 2024 04:30:47 +0000 (13:30 +0900)]
Fix comments in heaptuple.c
Since
e27f4ee0a701, fastgetattr() and heap_getattr() are not macros, but
inlined functions.
Author: Junwang Zhao
Reviewed-by: Stepan Neretin
Discussion: https://postgr.es/m/CAEG8a3JS-JKWWyOcM7BU=vPqFXa3W7mZSHnvc3CBqx=tC+3SCA@mail.gmail.com
Michael Paquier [Fri, 28 Jun 2024 03:31:29 +0000 (12:31 +0900)]
Improve locking around InjectionPointRun()
As coded, an injection point could be loaded into the local cache
without the LWLock InjectionPointLock taken, hence a point detached and
re-attached concurrently of a point running calling InjectionPointRun()
may finish by loading a callback it did no set initially. Based on all
the cases discussed until now on the lists, it is fine to delay the lock
release until the callback is run, so let's do that.
While on it, remove a useless LWLockRelease() called before an error in
InjectionPointAttach().
Per discussion with Heikki Linnakangas and Noah Misch.
Discussion: https://postgr.es/m/
e1ffb822-054e-4006-ac06-
50532767f75b@iki.fi
Noah Misch [Fri, 28 Jun 2024 02:21:06 +0000 (19:21 -0700)]
Remove comment about xl_heap_inplace "AT END OF STRUCT".
Commit
2c03216d831160bedd72d45f712601b6f7d03f1c moved the tuple data
from there to the buffer-0 data. Back-patch to v12 (all supported
versions), the plan for the next change to this struct.
Discussion: https://postgr.es/m/
20240523000548[email protected]
Noah Misch [Fri, 28 Jun 2024 02:21:06 +0000 (19:21 -0700)]
Cope with inplace update making catcache stale during TOAST fetch.
This extends
ad98fb14226ae6456fbaed7990ee7591cbe5efd2 to invals of
inplace updates. Trouble requires an inplace update of a catalog having
a TOAST table, so only pg_database was at risk. (The other catalog on
which core code performs inplace updates, pg_class, has no TOAST table.)
Trouble would require something like the inplace-inval.spec test.
Consider GRANT ... ON DATABASE fetching a stale row from cache and
discarding a datfrozenxid update that vac_truncate_clog() has already
relied upon. Back-patch to v12 (all supported versions).
Reviewed (in an earlier version) by Robert Haas.
Discussion: https://postgr.es/m/
20240114201411[email protected]
Discussion: https://postgr.es/m/
20240512232923[email protected]
Noah Misch [Fri, 28 Jun 2024 02:21:05 +0000 (19:21 -0700)]
AccessExclusiveLock new relations just after assigning the OID.
This has no user-visible, important consequences, since other sessions'
catalog scans can't find the relation until we commit. However, this
unblocks introducing a rule about locks required to heap_update() a
pg_class row. CREATE TABLE has been acquiring this lock eventually, but
it can heap_update() pg_class.relchecks earlier. create_toast_table()
has been acquiring only ShareLock. Back-patch to v12 (all supported
versions), the plan for the commit relying on the new rule.
Reviewed (in an earlier version) by Robert Haas.
Discussion: https://postgr.es/m/
20240611024525[email protected]
Noah Misch [Fri, 28 Jun 2024 02:21:05 +0000 (19:21 -0700)]
Lock before setting relhassubclass on RELKIND_PARTITIONED_INDEX.
Commit
5b562644fec696977df4a82790064e8287927891 added a comment that
SetRelationHasSubclass() callers must hold this lock. When commit
17f206fbc824d2b4b14480199ca9ff7dea417eda extended use of this column to
partitioned indexes, it didn't take the lock. As the latter commit
message mentioned, we currently never reset a partitioned index to
relhassubclass=f. That largely avoids harm from the lock omission. The
cause for fixing this now is to unblock introducing a rule about locks
required to heap_update() a pg_class row. This might cause more
deadlocks. It gives minor user-visible benefits:
- If an ALTER INDEX SET TABLESPACE runs concurrently with ALTER TABLE
ATTACH PARTITION or CREATE PARTITION OF, one transaction blocks
instead of failing with "tuple concurrently updated". (Many cases of
DDL concurrency still fail that way.)
- Match ALTER INDEX ATTACH PARTITION in choosing to lock the index.
While not user-visible today, we'll need this if we ever make something
set the flag to false for a partitioned index, like ANALYZE does today
for tables. Back-patch to v12 (all supported versions), the plan for
the commit relying on the new rule. In back branches, add
LockOrStrongerHeldByMe() instead of adding a LockHeldByMe() parameter.
Reviewed (in an earlier version) by Robert Haas.
Discussion: https://postgr.es/m/
20240611024525[email protected]
Noah Misch [Fri, 28 Jun 2024 02:21:05 +0000 (19:21 -0700)]
Lock owned sequences during ALTER TABLE SET { LOGGED | UNLOGGED }.
These commands already make the persistence of owned sequences follow
owned table persistence changes. They didn't lock those sequences.
They lost the effect of nextval() calls that other sessions make after
the ALTER TABLE command, before the ALTER TABLE transaction commits.
Fix by acquiring the same lock that ALTER SEQUENCE SET { LOGGED |
UNLOGGED } acquires. This might cause more deadlocks. Back-patch to
v15, where commit
344d62fb9a978a72cf8347f0369b9ee643fd0b31 introduced
unlogged sequences.
Reviewed (in an earlier version) by Robert Haas.
Discussion: https://postgr.es/m/
20240611024525[email protected]
Noah Misch [Fri, 28 Jun 2024 02:21:05 +0000 (19:21 -0700)]
Expand comments and add an assertion in nodeModifyTable.c.
Most comments concern RELKIND_VIEW. One addresses the ExecUpdate()
"tupleid" parameter. A later commit will rely on these facts, but they
hold already. Back-patch to v12 (all supported versions), the plan for
that commit.
Reviewed (in an earlier version) by Robert Haas.
Discussion: https://postgr.es/m/
20240512232923[email protected]
Noah Misch [Fri, 28 Jun 2024 02:21:05 +0000 (19:21 -0700)]
Add an injection_points isolation test suite.
Make the isolation harness recognize injection_points wait events as a
type of blocked state. Test an extant inplace-update bug.
Reviewed by Robert Haas and Michael Paquier.
Discussion: https://postgr.es/m/
20240512232923[email protected]
Noah Misch [Fri, 28 Jun 2024 02:21:05 +0000 (19:21 -0700)]
Create waitfuncs.c for pg_isolation_test_session_is_blocked().
The next commit makes the function inspect an additional non-lock
contention source, so it no longer fits in lockfuncs.c.
Reviewed by Robert Haas.
Discussion: https://postgr.es/m/
20240512232923[email protected]
Noah Misch [Fri, 28 Jun 2024 02:21:05 +0000 (19:21 -0700)]
Add wait event type "InjectionPoint", a custom type like "Extension".
Both injection points and customization of type "Extension" are new in
v17, so this just changes a detail of an unreleased feature.
Reported by Robert Haas. Reviewed by Michael Paquier.
Discussion: https://postgr.es/m/CA+TgmobfMU5pdXP36D5iAwxV5WKE_vuDLtp_1QyH+H5jMMt21g@mail.gmail.com
Noah Misch [Fri, 28 Jun 2024 02:21:05 +0000 (19:21 -0700)]
Improve test coverage for changes to inplace-updated catalogs.
This covers both regular and inplace changes, since bugs arise at their
intersection. Where marked, these witness extant bugs. Back-patch to
v12 (all supported versions).
Reviewed (in an earlier version) by Robert Haas.
Discussion: https://postgr.es/m/
20240512232923[email protected]
Noah Misch [Fri, 28 Jun 2024 02:21:04 +0000 (19:21 -0700)]
Make TAP todo_start effects the same under Meson and prove_check.
This could have caused spurious failures only on SPARC Linux, because
today's only todo_start tests for that platform. Back-patch to v16,
where Meson support first appeared.
Reviewed by Robert Haas.
Discussion: https://postgr.es/m/
20240512232923[email protected]
Amit Langote [Fri, 28 Jun 2024 00:42:13 +0000 (09:42 +0900)]
SQL/JSON: Document behavior when input document is not jsonb
The input document to functions JSON_EXISTS(), JSON_QUERY(),
JSON_VALUE(), and JSON_TABLE() can be specified as character or
UTF8-encoded bytea strings. These are automatically converted to
jsonb with an implicit cast before being passed to the jsonpath
machinery.
In the current implementation, errors that occur when parsing the
specified string into a valid JSON document are thrown
unconditionally. This means they are not subject to the explicit or
implicit ON ERROR clause of those functions, which is a standard-
conforming behavior. Add a note to the documentation to mention
that.
Reported-by: Markus Winand
Discussion: https://postgr.es/m/
F7DD1442-265C-4220-A603-
CB0DEB77E91D%40winand.at
Tom Lane [Thu, 27 Jun 2024 18:43:59 +0000 (14:43 -0400)]
Avoid crashing when a JIT-inlined backend function throws an error.
errfinish() assumes that the __FUNC__ and __FILE__ arguments it's
passed are compile-time constant strings that can just be pointed
to rather than physically copied. However, it's possible for LLVM
to generate code in which those pointers point into a dynamically
loaded code segment. If that segment gets unloaded before we're
done with the ErrorData struct, we have dangling pointers that
will lead to SIGSEGV. In simple cases that won't happen, because we
won't unload LLVM code before end of transaction. But it's possible
to happen if the error is thrown within end-of-transaction code run by
_SPI_commit or _SPI_rollback, because since commit
2e517818f those
functions clean up by ending the transaction and starting a new one.
Rather than fixing this by adding pstrdup() overhead to every
elog/ereport sequence, let's fix it by copying the risky pointers
in CopyErrorData(). That solves it for _SPI_commit/_SPI_rollback
because they use that function to preserve the error data across
the transaction end/restart sequence; and it seems likely that
any other code doing something similar would need to do that too.
I'm suspicious that this behavior amounts to an LLVM bug (or a
bug in our use of it?), because it implies that string constant
references that should be pointer-equal according to a naive
understanding of C semantics will sometimes not be equal.
However, even if it is a bug and someday gets fixed, we'll have
to cope with the current behavior for a long time to come.
Report and patch by me. Back-patch to all supported branches.
Discussion: https://postgr.es/m/
1565654.
1719425368@sss.pgh.pa.us
Heikki Linnakangas [Thu, 27 Jun 2024 18:06:32 +0000 (21:06 +0300)]
Fix MVCC bug with prepared xact with subxacts on standby
We did not recover the subtransaction IDs of prepared transactions
when starting a hot standby from a shutdown checkpoint. As a result,
such subtransactions were considered as aborted, rather than
in-progress. That would lead to hint bits being set incorrectly, and
the subtransactions suddenly becoming visible to old snapshots when
the prepared transaction was committed.
To fix, update pg_subtrans with prepared transactions's subxids when
starting hot standby from a shutdown checkpoint. The snapshots taken
from that state need to be marked as "suboverflowed", so that we also
check the pg_subtrans.
Backport to all supported versions.
Discussion: https://www.postgresql.org/message-id/
6b852e98-2d49-4ca1-9e95-
db419a2696e0@iki.fi
Heikki Linnakangas [Thu, 27 Jun 2024 18:06:27 +0000 (21:06 +0300)]
tests: Trim newline from result returned by BackgroundPsql->query
This went unnoticed, because only a few existing callers of
BackgroundPsql->query used the result, and the ones that did were not
bothered by an extra newline. I noticed because I was about to add a
new test that checks the result.
Backport to all supported versions, since I just backported the
BackgroundPsql facility to all supported versions too.
Alvaro Herrera [Thu, 27 Jun 2024 17:51:47 +0000 (19:51 +0200)]
Fix thinkos in comments
The first one was noticed by Tender Wang and introduced with
8aba9322511f; the other one was newly introduced with
dbca3469ebf8.
Amit Kapila [Thu, 27 Jun 2024 06:05:00 +0000 (11:35 +0530)]
Drop the temporary tuple slots allocated by pgoutput.
In pgoutput, when converting the child table's tuple format to match the
parent table's, we temporarily create a new slot to store the converted
tuple. However, we missed to drop such temporary slots, leading to
resource leakage.
Reported-by: Bowen Shi
Author: Hou Zhijie
Reviewed-by: Amit Kapila
Backpatch-through: 15
Discussion: https://postgr.es/m/CAM_vCudv8dc3sjWiPkXx5F2b27UV7_YRKRbtSCcE-pv=cVACGA@mail.gmail.com
Michael Paquier [Thu, 27 Jun 2024 00:44:47 +0000 (09:44 +0900)]
Fix overflow with pgstats DSA reference count
When pgstats is initialized for a backend, it uses dsa_attach_in_place()
without a "segment" provided. Hence, no callback is registered to
automatically release the DSA attached once a backend exits. Not doing
any cleanup causes the reference count of the pgstats DSA to
continuously increment, at some point overflowing it (the more the
number of connections, the faster it is to reach this state). Once the
reference count overflows and then gets back to 0, new backends are not
able to attach to the pgstats DSA, failing startup.
This issue is resolved by adding in the pgstats shutdown hook a call to
dsa_release_in_place(), ensuring that the DSA attached at backend
startup is correctly released, keeping the reference count at bay.
The author of this patch has been able to see this issue on a server
with a long uptime and a high connection turnover.
Issue introduced by
5891c7a8ed8f, so backpatch down to 15.
Author: Anthonin Bonnefoy
Discussion: https://postgr.es/m/CAO6_XqqJbJBL=M7Ym13TcB4Xnq58vRa2jcC+gwEPBgbAda6B1Q@mail.gmail.com
Backpatch-through: 15
Heikki Linnakangas [Fri, 21 Jun 2024 15:31:15 +0000 (18:31 +0300)]
Fix bugs in MultiXact truncation
1. TruncateMultiXact() performs the SLRU truncations in a critical
section. Deleting the SLRU segments calls ForwardSyncRequest(), which
will try to compact the request queue if it's full
(CompactCheckpointerRequestQueue()). That in turn allocates memory,
which is not allowed in a critical section. Backtrace:
TRAP: failed Assert("CritSectionCount == 0 || (context)->allowInCritSection"), File: "../src/backend/utils/mmgr/mcxt.c", Line: 1353, PID: 920981
postgres: autovacuum worker template0(ExceptionalCondition+0x6e)[0x560a501e866e]
postgres: autovacuum worker template0(+0x5dce3d)[0x560a50217e3d]
postgres: autovacuum worker template0(ForwardSyncRequest+0x8e)[0x560a4ffec95e]
postgres: autovacuum worker template0(RegisterSyncRequest+0x2b)[0x560a50091eeb]
postgres: autovacuum worker template0(+0x187b0a)[0x560a4fdc2b0a]
postgres: autovacuum worker template0(SlruDeleteSegment+0x101)[0x560a4fdc2ab1]
postgres: autovacuum worker template0(TruncateMultiXact+0x2fb)[0x560a4fdbde1b]
postgres: autovacuum worker template0(vac_update_datfrozenxid+0x4b3)[0x560a4febd2f3]
postgres: autovacuum worker template0(+0x3adf66)[0x560a4ffe8f66]
postgres: autovacuum worker template0(AutoVacWorkerMain+0x3ed)[0x560a4ffe7c2d]
postgres: autovacuum worker template0(+0x3b1ead)[0x560a4ffecead]
postgres: autovacuum worker template0(+0x3b620e)[0x560a4fff120e]
postgres: autovacuum worker template0(+0x3b3fbb)[0x560a4ffeefbb]
postgres: autovacuum worker template0(+0x2f724e)[0x560a4ff3224e]
/lib/x86_64-linux-gnu/libc.so.6(+0x27c8a)[0x7f62cc642c8a]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0x85)[0x7f62cc642d45]
postgres: autovacuum worker template0(_start+0x21)[0x560a4fd16f31]
To fix, bail out in CompactCheckpointerRequestQueue() without doing
anything, if it's called in a critical section. That covers the above
call path, as well as any other similar cases where
RegisterSyncRequest might be called in a critical section.
2. After fixing that, another problem became apparent: Autovacuum
process doing that truncation can deadlock with the checkpointer
process. TruncateMultiXact() sets "MyProc->delayChkptFlags |=
DELAY_CHKPT_START". If the sync request queue is full and cannot be
compacted, the process will repeatedly sleep and retry, until there is
room in the queue. However, if the checkpointer is trying to start a
checkpoint at the same time, and is waiting for the DELAY_CHKPT_START
processes to finish, the queue will never shrink.
More concretely, the autovacuum process is stuck here:
#0 0x00007fc934926dc3 in epoll_wait () from /lib/x86_64-linux-gnu/libc.so.6
#1 0x000056220b24348b in WaitEventSetWaitBlock (set=0x56220c2e4b50, occurred_events=0x7ffe7856d040, nevents=1, cur_timeout=<optimized out>) at ../src/backend/storage/ipc/latch.c:1570
#2 WaitEventSetWait (set=0x56220c2e4b50, timeout=timeout@entry=10, occurred_events=<optimized out>, occurred_events@entry=0x7ffe7856d040, nevents=nevents@entry=1,
wait_event_info=wait_event_info@entry=
150994949) at ../src/backend/storage/ipc/latch.c:1516
#3 0x000056220b243224 in WaitLatch (latch=<optimized out>, latch@entry=0x0, wakeEvents=wakeEvents@entry=40, timeout=timeout@entry=10, wait_event_info=wait_event_info@entry=
150994949)
at ../src/backend/storage/ipc/latch.c:538
#4 0x000056220b26cf46 in RegisterSyncRequest (ftag=ftag@entry=0x7ffe7856d0a0, type=type@entry=SYNC_FORGET_REQUEST, retryOnError=true) at ../src/backend/storage/sync/sync.c:614
#5 0x000056220af9db0a in SlruInternalDeleteSegment (ctl=ctl@entry=0x56220b7beb60 <MultiXactMemberCtlData>, segno=segno@entry=11350) at ../src/backend/access/transam/slru.c:1495
#6 0x000056220af9dab1 in SlruDeleteSegment (ctl=ctl@entry=0x56220b7beb60 <MultiXactMemberCtlData>, segno=segno@entry=11350) at ../src/backend/access/transam/slru.c:1566
#7 0x000056220af98e1b in PerformMembersTruncation (oldestOffset=<optimized out>, newOldestOffset=<optimized out>) at ../src/backend/access/transam/multixact.c:3006
#8 TruncateMultiXact (newOldestMulti=newOldestMulti@entry=
3221225472, newOldestMultiDB=newOldestMultiDB@entry=4) at ../src/backend/access/transam/multixact.c:3201
#9 0x000056220b098303 in vac_truncate_clog (frozenXID=749, minMulti=<optimized out>, lastSaneFrozenXid=749, lastSaneMinMulti=
3221225472) at ../src/backend/commands/vacuum.c:1917
#10 vac_update_datfrozenxid () at ../src/backend/commands/vacuum.c:1760
#11 0x000056220b1c3f76 in do_autovacuum () at ../src/backend/postmaster/autovacuum.c:2550
#12 0x000056220b1c2c3d in AutoVacWorkerMain (startup_data=<optimized out>, startup_data_len=<optimized out>) at ../src/backend/postmaster/autovacuum.c:1569
and the checkpointer is stuck here:
#0 0x00007fc9348ebf93 in clock_nanosleep () from /lib/x86_64-linux-gnu/libc.so.6
#1 0x00007fc9348fe353 in nanosleep () from /lib/x86_64-linux-gnu/libc.so.6
#2 0x000056220b40ecb4 in pg_usleep (microsec=microsec@entry=10000) at ../src/port/pgsleep.c:50
#3 0x000056220afb43c3 in CreateCheckPoint (flags=flags@entry=108) at ../src/backend/access/transam/xlog.c:7098
#4 0x000056220b1c6e86 in CheckpointerMain (startup_data=<optimized out>, startup_data_len=<optimized out>) at ../src/backend/postmaster/checkpointer.c:464
To fix, add AbsorbSyncRequests() to the loops where the checkpointer
waits for DELAY_CHKPT_START or DELAY_CHKPT_COMPLETE operations to
finish.
Backpatch to v14. Before that, SLRU deletion didn't call
RegisterSyncRequest, which avoided this failure. I'm not sure if there
are other similar scenarios on older versions, but we haven't had
any such reports.
Discussion: https://www.postgresql.org/message-id/
ccc66933-31c1-4f6a-bf4b-
45fef0d4f22e@iki.fi