Fix cross-checking of ReservedBackends/max_wal_senders/MaxConnections.

We were independently checking ReservedBackends < MaxConnections and
max_wal_senders < MaxConnections, but because walsenders aren't allowed
to use superuser-reserved connections, that's really the wrong thing.
Correct behavior is to insist on ReservedBackends + max_wal_senders being
less than MaxConnections.  Fix the code and associated documentation.

This has been wrong for a long time, but since the situation probably
hardly ever arises in the field (especially pre-v10, when the default
for max_wal_senders was zero), no back-patch.

Discussion: https://postgr.es/m/28271.1520195491@sss.pgh.pa.us

doc/src/sgml/config.sgml

@@ -696,8 +696,9 @@ include_dir 'conf.d'
 
        <para>
         The default value is three connections. The value must be less
-        than the value of <varname>max_connections</varname>. This
-        parameter can only be set at server start.
+        than <varname>max_connections</varname> minus
+        <xref linkend="guc-max-wal-senders"/>.
+        This parameter can only be set at server start.
        </para>
       </listitem>
      </varlistentry>
@@ -2982,13 +2983,16 @@ include_dir 'conf.d'
         maximum number of simultaneously running WAL sender
         processes). The default is 10. The value 0 means replication is
         disabled. WAL sender processes count towards the total number
-        of connections, so the parameter cannot be set higher than
-        <xref linkend="guc-max-connections"/>.  Abrupt streaming client
-        disconnection might cause an orphaned connection slot until
+        of connections, so this parameter's value must be less than
+        <xref linkend="guc-max-connections"/> minus
+        <xref linkend="guc-superuser-reserved-connections"/>.
+        Abrupt streaming client disconnection might leave an orphaned
+        connection slot behind until
         a timeout is reached, so this parameter should be set slightly
         higher than the maximum number of expected clients so disconnected
         clients can immediately reconnect.  This parameter can only
-        be set at server start. <varname>wal_level</varname> must be set to
+        be set at server start.
+        Also, <varname>wal_level</varname> must be set to
         <literal>replica</literal> or higher to allow connections from standby
         servers.
        </para>
@@ -3007,10 +3011,11 @@ include_dir 'conf.d'
          (see <xref linkend="streaming-replication-slots"/>) that the server
          can support. The default is 10.  This parameter can only be set at
          server start.
-         <varname>wal_level</varname> must be set
-         to <literal>replica</literal> or higher to allow replication slots to
-         be used. Setting it to a lower value than the number of currently
+         Setting it to a lower value than the number of currently
          existing replication slots will prevent the server from starting.
+         Also, <varname>wal_level</varname> must be set
+         to <literal>replica</literal> or higher to allow replication slots to
+         be used.
         </para>
        </listitem>
       </varlistentry>

src/backend/postmaster/postmaster.c

@@ -202,9 +202,9 @@ char	   *ListenAddresses;
 
 /*
  * ReservedBackends is the number of backends reserved for superuser use.
- * This number is taken out of the pool size given by MaxBackends so
+ * This number is taken out of the pool size given by MaxConnections so
  * number of backend slots available to non-superusers is
- * (MaxBackends - ReservedBackends).  Note what this really means is
+ * (MaxConnections - ReservedBackends).  Note what this really means is
  * "if there are <= ReservedBackends connections available, only superusers
  * can make new connections" --- pre-existing superuser connections don't
  * count against the limit.
@@ -882,14 +882,11 @@ PostmasterMain(int argc, char *argv[])
 	/*
 	 * Check for invalid combinations of GUC settings.
 	 */
-	if (ReservedBackends >= MaxConnections)
+	if (ReservedBackends + max_wal_senders >= MaxConnections)
 	{
-		write_stderr("%s: superuser_reserved_connections must be less than max_connections\n", progname);
-		ExitPostmaster(1);
-	}
-	if (max_wal_senders >= MaxConnections)
-	{
-		write_stderr("%s: max_wal_senders must be less than max_connections\n", progname);
+		write_stderr("%s: superuser_reserved_connections (%d) plus max_wal_senders (%d) must be less than max_connections (%d)\n",
+					 progname,
+					 ReservedBackends, max_wal_senders, MaxConnections);
 		ExitPostmaster(1);
 	}
 	if (XLogArchiveMode > ARCHIVE_MODE_OFF && wal_level == WAL_LEVEL_MINIMAL)

src/backend/utils/init/postinit.c

@@ -778,7 +778,7 @@ InitPostgres(const char *in_dbname, Oid dboid, const char *username,
 	}
 
 	/*
-	 * The last few connections slots are reserved for superusers. Although
+	 * The last few connection slots are reserved for superusers.  Although
 	 * replication connections currently require superuser privileges, we
 	 * don't allow them to consume the reserved slots, which are intended for
 	 * interactive use.

src/backend/utils/misc/guc.c

@@ -1873,6 +1873,7 @@ static struct config_int ConfigureNamesInt[] =
 	},
 
 	{
+		/* see max_connections and max_wal_senders */
 		{"superuser_reserved_connections", PGC_POSTMASTER, CONN_AUTH_SETTINGS,
 			gettext_noop("Sets the number of connection slots reserved for superusers."),
 			NULL
@@ -2375,7 +2376,7 @@ static struct config_int ConfigureNamesInt[] =
 	},
 
 	{
-		/* see max_connections */
+		/* see max_connections and superuser_reserved_connections */
 		{"max_wal_senders", PGC_POSTMASTER, REPLICATION_SENDING,
 			gettext_noop("Sets the maximum number of simultaneously running WAL sender processes."),
 			NULL
@@ -2386,7 +2387,7 @@ static struct config_int ConfigureNamesInt[] =
 	},
 
 	{
-		/* see max_connections */
+		/* see max_wal_senders */
 		{"max_replication_slots", PGC_POSTMASTER, REPLICATION_SENDING,
 			gettext_noop("Sets the maximum number of simultaneously defined replication slots."),
 			NULL