1. 13 Dec, 2018 4 commits
    • Tom Lane's avatar
      Drop no-op CoerceToDomain nodes from expressions at planning time. · 04fe805a
      Tom Lane authored
      If a domain has no constraints, then CoerceToDomain doesn't really do
      anything and can be simplified to a RelabelType.  This not only
      eliminates cycles at execution, but allows the planner to optimize better
      (for instance, match the coerced expression to an index on the underlying
      column).  However, we do have to support invalidating the plan later if
      a constraint gets added to the domain.  That's comparable to the case of
      a change to a SQL function that had been inlined into a plan, so all the
      necessary logic already exists for plans depending on functions.  We
      need only duplicate or share that logic for domains.
      
      ALTER DOMAIN ADD/DROP CONSTRAINT need to be taught to send out sinval
      messages for the domain's pg_type entry, since those operations don't
      update that row.  (ALTER DOMAIN SET/DROP NOT NULL do update that row,
      so no code change is needed for them.)
      
      Testing this revealed what's really a pre-existing bug in plpgsql:
      it caches the SQL-expression-tree expansion of type coercions and
      had no provision for invalidating entries in that cache.  Up to now
      that was only a problem if such an expression had inlined a SQL
      function that got changed, which is unlikely though not impossible.
      But failing to track changes of domain constraints breaks an existing
      regression test case and would likely cause practical problems too.
      
      We could fix that locally in plpgsql, but what seems like a better
      idea is to build some generic infrastructure in plancache.c to store
      standalone expressions and track invalidation events for them.
      (It's tempting to wonder whether plpgsql's "simple expression" stuff
      could use this code with lower overhead than its current use of the
      heavyweight plancache APIs.  But I've left that idea for later.)
      
      Other stuff fixed in passing:
      
      * Allow estimate_expression_value() to drop CoerceToDomain
      unconditionally, effectively assuming that the coercion will succeed.
      This will improve planner selectivity estimates for cases involving
      estimatable expressions that are coerced to domains.  We could have
      done this independently of everything else here, but there wasn't
      previously any need for eval_const_expressions_mutator to know about
      CoerceToDomain at all.
      
      * Use a dlist for plancache.c's list of cached plans, rather than a
      manually threaded singly-linked list.  That eliminates a potential
      performance problem in DropCachedPlan.
      
      * Fix a couple of inconsistencies in typecmds.c about whether
      operations on domains drop RowExclusiveLock on pg_type.  Our common
      practice is that DDL operations do drop catalog locks, so standardize
      on that choice.
      
      Discussion: https://postgr.es/m/19958.1544122124@sss.pgh.pa.us
      04fe805a
    • Alexander Korotkov's avatar
      Prevent GIN deleted pages from being reclaimed too early · 52ac6cd2
      Alexander Korotkov authored
      When GIN vacuum deletes a posting tree page, it assumes that no concurrent
      searchers can access it, thanks to ginStepRight() locking two pages at once.
      However, since 9.4 searches can skip parts of posting trees descending from the
      root.  That leads to the risk that page is deleted and reclaimed before
      concurrent search can access it.
      
      This commit prevents the risk of above by waiting for every transaction, which
      might wait to reference this page, to finish.  Due to binary compatibility
      we can't change GinPageOpaqueData to store corresponding transaction id.
      Instead we reuse page header pd_prune_xid field, which is unused in index pages.
      
      Discussion: https://postgr.es/m/31a702a.14dd.166c1366ac1.Coremail.chjischj%40163.com
      Author: Andrey Borodin, Alexander Korotkov
      Reviewed-by: Alexander Korotkov
      Backpatch-through: 9.4
      52ac6cd2
    • Alexander Korotkov's avatar
      Prevent deadlock in ginRedoDeletePage() · c6ade7a8
      Alexander Korotkov authored
      On standby ginRedoDeletePage() can work concurrently with read-only queries.
      Those queries can traverse posting tree in two ways.
      1) Using rightlinks by ginStepRight(), which locks the next page before
         unlocking its left sibling.
      2) Using downlinks by ginFindLeafPage(), which locks at most one page at time.
      
      Original lock order was: page, parent, left sibling.  That lock order can
      deadlock with ginStepRight().  In order to prevent deadlock this commit changes
      lock order to: left sibling, page, parent.  Note, that position of parent in
      locking order seems insignificant, because we only lock one page at time while
      traversing downlinks.
      
      Reported-by: Chen Huajun
      Diagnosed-by: Chen Huajun, Peter Geoghegan, Andrey Borodin
      Discussion: https://postgr.es/m/31a702a.14dd.166c1366ac1.Coremail.chjischj%40163.com
      Author: Alexander Korotkov
      Backpatch-through: 9.4
      c6ade7a8
    • Alexander Korotkov's avatar
      Fix deadlock in GIN vacuum introduced by 218f5158 · fd83c83d
      Alexander Korotkov authored
      Before 218f5158 if posting tree page is about to be deleted, then the whole
      posting tree is locked by LockBufferForCleanup() on root preventing all the
      concurrent inserts.  218f5158 reduced locking to the subtree containing
      page to be deleted.  However, due to concurrent parent split, inserter doesn't
      always holds pins on all the pages constituting path from root to the target
      leaf page.  That could cause a deadlock between GIN vacuum process and GIN
      inserter.  And we didn't find non-invasive way to fix this.
      
      This commit reverts VACUUM behavior to lock the whole posting tree before
      delete any page.  However, we keep another useful change by 218f5158: the
      tree is locked only if there are pages to be deleted.
      
      Reported-by: Chen Huajun
      Diagnosed-by: Chen Huajun, Andrey Borodin, Peter Geoghegan
      Discussion: https://postgr.es/m/31a702a.14dd.166c1366ac1.Coremail.chjischj%40163.com
      Author: Alexander Korotkov, based on ideas from Andrey Borodin and Peter Geoghegan
      Reviewed-by: Andrey Borodin
      Backpatch-through: 10
      fd83c83d
  2. 12 Dec, 2018 3 commits
    • Tom Lane's avatar
      Repair bogus EPQ plans generated for postgres_fdw foreign joins. · 77d4d88a
      Tom Lane authored
      postgres_fdw's postgresGetForeignPlan() assumes without checking that the
      outer_plan it's given for a join relation must have a NestLoop, MergeJoin,
      or HashJoin node at the top.  That's been wrong at least since commit
      4bbf6edf (which could cause insertion of a Sort node on top) and it seems
      like a pretty unsafe thing to Just Assume even without that.
      
      Through blind good fortune, this doesn't seem to have any worse
      consequences today than strange EXPLAIN output, but it's clearly trouble
      waiting to happen.
      
      To fix, test the node type explicitly before touching Join-specific
      fields, and avoid jamming the new tlist into a node type that can't
      do projection.  Export a new support function from createplan.c
      to avoid building low-level knowledge about the latter into FDWs.
      
      Back-patch to 9.6 where the faulty coding was added.  Note that the
      associated regression test cases don't show any changes before v11,
      apparently because the tests back-patched with 4bbf6edf don't actually
      exercise the problem case before then (there's no top-level Sort
      in those plans).
      
      Discussion: https://postgr.es/m/8946.1544644803@sss.pgh.pa.us
      77d4d88a
    • Tom Lane's avatar
      Repair bogus handling of multi-assignment Params in upper plan levels. · 0f7ec8d9
      Tom Lane authored
      Our support for multiple-set-clauses in UPDATE assumes that the Params
      referencing a MULTIEXPR_SUBLINK SubPlan will appear before that SubPlan
      in the targetlist of the plan node that calculates the updated row.
      (Yeah, it's a hack...)  In some PG branches it's possible that a Result
      node gets inserted between the primary calculation of the update tlist
      and the ModifyTable node.  setrefs.c did the wrong thing in this case
      and left the upper-level Params as Params, causing a crash at runtime.
      What it should do is replace them with "outer" Vars referencing the child
      plan node's output.  That's a result of careless ordering of operations
      in fix_upper_expr_mutator, so we can fix it just by reordering the code.
      
      Fix fix_join_expr_mutator similarly for consistency, even though join
      nodes could never appear in such a context.  (In general, it seems
      likely to be a bit cheaper to use Vars than Params in such situations
      anyway, so this patch might offer a tiny performance improvement.)
      
      The hazard extends back to 9.5 where the MULTIEXPR_SUBLINK stuff
      was introduced, so back-patch that far.  However, this may be a live
      bug only in 9.6.x and 10.x, as the other branches don't seem to want
      to calculate the final tlist below the Result node.  (That plan shape
      change between branches might be a mini-bug in itself, but I'm not
      really interested in digging into the reasons for that right now.
      Still, add a regression test memorializing what we expect there,
      so we'll notice if it changes again.)
      
      Per bug report from Eduards Bezverhijs.
      
      Discussion: https://postgr.es/m/b6cd572a-3e44-8785-75e9-c512a5a17a73@tieto.com
      0f7ec8d9
    • Michael Paquier's avatar
      Tweak pg_partition_tree for undefined relations and unsupported relkinds · cc53123b
      Michael Paquier authored
      This fixes a crash which happened when calling the function directly
      with a relation OID referring to a non-existing object, and changes the
      behavior so as NULL is returned for unsupported relkinds instead of
      generating an error.  This puts the new function in line with many other
      system functions, and eases actions like full scans of pg_class.
      
      Author: Michael Paquier
      Reviewed-by: Amit Langote, Stephen Frost
      Discussion: https://postgr.es/m/20181207010406.GO2407@paquier.xyz
      cc53123b
  3. 11 Dec, 2018 3 commits
  4. 10 Dec, 2018 7 commits
  5. 09 Dec, 2018 1 commit
  6. 07 Dec, 2018 6 commits
  7. 06 Dec, 2018 6 commits
  8. 05 Dec, 2018 2 commits
    • Alvaro Herrera's avatar
      Don't mark partitioned indexes invalid unnecessarily · 71a05b22
      Alvaro Herrera authored
      When an indexes is created on a partitioned table using ONLY (don't
      recurse to partitions), it gets marked invalid until index partitions
      are attached for each table partition.  But there's no reason to do this
      if there are no partitions ... and moreover, there's no way to get the
      index to become valid afterwards, because all partitions that get
      created/attached get their own index partition already attached to the
      parent index, so there's no chance to do ALTER INDEX ... ATTACH PARTITION
      that would make the parent index valid.
      
      Fix by not marking the index as invalid to begin with.
      
      This is very similar to 9139aa19, but the pg_dump aspect does not
      appear to be relevant until we add FKs that can point to PKs on
      partitioned tables.  (I tried to cause the pg_upgrade test to break by
      leaving some of these bogus tables around, but wasn't able to.)
      
      Making this change means that an index that was supposed to be invalid
      in the insert_conflict regression test is no longer invalid; reorder the
      DDL so that the test continues to verify the behavior we want it to.
      
      Author: Álvaro Herrera
      Reviewed-by: Amit Langote
      Discussion: https://postgr.es/m/20181203225019.2vvdef2ybnkxt364@alvherre.pgsql
      71a05b22
    • Michael Paquier's avatar
      Fix invalid value of synchronous_commit in description of flush_lag · 99f9ccee
      Michael Paquier authored
      "remote_flush" has never been a valid user-facing value, but "on" is.
      
      Author: Maksim Milyutin
      Discussion: https://postgr.es/m/27b3b80c-3615-2d76-02c5-44566b53136c@gmail.com
      99f9ccee
  9. 04 Dec, 2018 2 commits
    • Stephen Frost's avatar
      Fix typo · f502fc88
      Stephen Frost authored
      Backends don't typically exist uncleanly, but they can certainly exit
      uncleanly, and it's exiting uncleanly that's being discussed here.
      f502fc88
    • Etsuro Fujita's avatar
      postgres_fdw: Improve cost and size estimation for aggregate pushdown. · f8f6e446
      Etsuro Fujita authored
      In commit 7012b132, which added aggregate
      pushdown to postgres_fdw, we didn't account for the evaluation cost and the
      selectivity of HAVING quals attached to ForeignPaths performing aggregate
      pushdown, as core had never accounted for that for AggPaths and GroupPaths.
      And we didn't set these values of the locally-checked quals (ie, fpinfo's
      local_conds_cost and local_conds_sel), which were initialized to zeros, but
      since estimate_path_cost_size factors in these to estimate the result size
      and the evaluation cost of such a ForeignPath when the use_remote_estimate
      option is enabled, this caused it to produce underestimated results in that
      case.
      
      By commit 7b6c0754 core was changed so that
      it accounts for the evaluation cost and the selectivity of HAVING quals in
      aggregation paths, so change the postgres_fdw's aggregate pushdown code as
      well as such.  This not only fixes the underestimation issue mentioned
      above, but improves the estimation using local statistics in that function
      when that option is disabled.
      
      This would be a bug fix rather than an improvement, but apply it to HEAD
      only to avoid destabilizing existing plan choices.
      
      Author: Etsuro Fujita
      Discussion: https://postgr.es/m/5BFD3EAD.2060301%40lab.ntt.co.jp
      f8f6e446
  10. 03 Dec, 2018 3 commits
    • Tom Lane's avatar
      Refactor documentation about privileges to centralize the info. · afc4a78a
      Tom Lane authored
      Expand section 5.6 "Privileges" to include the full definition of
      each privilege type, and an explanation of aclitem privilege displays,
      along with some helpful summary tables.  Most of this material came
      out of the GRANT reference page, although some of it is new.
      Adjust a bunch of links that were pointing to GRANT to point to 5.6.
      
      Fabien Coelho and Tom Lane, reviewed by Bradley DeJong
      
      Discussion: https://postgr.es/m/alpine.DEB.2.21.1807311735200.20743@lancre
      afc4a78a
    • Michael Paquier's avatar
      Add some missing schema qualifications · ee2b37ae
      Michael Paquier authored
      This does not improve the security and reliability of the touched areas,
      but it makes the style more consistent.
      
      Author: Michael Paquier
      Reviewed-by- Noah Misch
      Discussion: https://postgr.es/m/20180309075538.GD9376@paquier.xyz
      ee2b37ae
    • Michael Paquier's avatar
      Add PGXS options to control TAP and isolation tests, take two · d3c09b9b
      Michael Paquier authored
      The following options are added for extensions:
      - TAP_TESTS, to allow an extention to run TAP tests which are the ones
      present in t/*.pl.  A subset of tests can always be run with the
      existing PROVE_TESTS for developers.
      - ISOLATION, to define a list of isolation tests.
      - ISOLATION_OPTS, to pass custom options to isolation_tester.
      
      A couple of custom Makefile rules have been accumulated across the tree
      to cover the lack of facility in PGXS for a couple of releases when
      using those test suites, which are all now replaced with the new flags,
      without reducing the test coverage.  Note that tests of contrib/bloom/
      are not enabled yet, as those are proving unstable in the buildfarm.
      
      Author: Michael Paquier
      Reviewed-by: Adam Berlin, Álvaro Herrera, Tom Lane, Nikolay Shaplov,
      Arthur Zakirov
      Discussion: https://postgr.es/m/20180906014849.GG2726@paquier.xyz
      d3c09b9b
  11. 01 Dec, 2018 3 commits
    • Tom Lane's avatar
      Eliminate parallel-make hazard in ecpg/preproc. · 29180e5d
      Tom Lane authored
      Re-making ecpglib's typename.o is dangerous because another make thread
      could be doing that at the same time.  While we've not heard field
      complaints traceable to this, it seems inevitable that it'd bite someone
      eventually.  Instead, symlink typename.c into the preproc directory and
      recompile it there.  That file is small enough that compiling it twice
      isn't much of a penalty.  Furthermore, this way we get a .o file that's
      made without shlib CFLAGS, which seems cleaner.
      
      This requires adding more stuff to the module's -I list.  The MSVC
      aspect of that is untested, but I'm sure the buildfarm will tell me
      if I got it wrong.
      
      Per a suggestion from Peter Eisentraut.  Although this is theoretically
      a bug fix, the lack of field reports makes me feel we needn't back-patch.
      
      Discussion: https://postgr.es/m/31364.1543511708@sss.pgh.pa.us
      29180e5d
    • Tom Lane's avatar
      Rename ecpg's various "extern.h" files to have distinct names. · 3295f820
      Tom Lane authored
      This should reduce confusion, and in particular make it safe to
      copy typename.c into preproc/ and compile it there.
      
      This doesn't affect anything outside ecpg, and particularly not
      end users, because these files don't get installed; they just
      exist to share declarations among the .c files of each subdirectory.
      
      Discussion: https://postgr.es/m/31364.1543511708@sss.pgh.pa.us
      3295f820
    • Tom Lane's avatar
      Add a --socketdir option to pg_upgrade. · 2d34ad84
      Tom Lane authored
      This allows control of the directory in which the postmaster sockets
      are created for the temporary postmasters started by pg_upgrade.
      The default location remains the current working directory, which is
      typically fine, but if it is deeply nested then its pathname might
      be too long to be a socket name.
      
      In passing, clean up some messiness in pg_upgrade's option handling,
      particularly the confusing and undocumented way that configuration-only
      datadirs were handled.  And fix check_required_directory's substantially
      under-baked cleanup of directory pathnames.
      
      Daniel Gustafsson, reviewed by Hironobu Suzuki, some code cleanup by me
      
      Discussion: https://postgr.es/m/E72DD5C3-2268-48A5-A907-ED4B34BEC223@yesql.se
      2d34ad84