1. 12 Feb, 2013 4 commits
    • Alvaro Herrera's avatar
      Rename "string" pstrdup argument to "in" · 0e81ddde
      Alvaro Herrera authored
      The former name collides with a symbol also used in the isolation test's
      parser, causing assorted failures in certain platforms.
      0e81ddde
    • Alvaro Herrera's avatar
      Don't build libpgcommon_srv.a just yet · 0f980b0e
      Alvaro Herrera authored
      It's empty, and some archivers do not support that case.
      0f980b0e
    • Alvaro Herrera's avatar
      Create libpgcommon, and move pg_malloc et al to it · 8396447c
      Alvaro Herrera authored
      libpgcommon is a new static library to allow sharing code among the
      various frontend programs and backend; this lets us eliminate duplicate
      implementations of common routines.  We avoid libpgport, because that's
      intended as a place for porting issues; per discussion, it seems better
      to keep them separate.
      
      The first use case, and the only implemented by this patch, is pg_malloc
      and friends, which many frontend programs were already using.
      
      At the same time, we can use this to provide palloc emulation functions
      for the frontend; this way, some palloc-using files in the backend can
      also be used by the frontend cleanly.  To do this, we change palloc() in
      the backend to be a function instead of a macro on top of
      MemoryContextAlloc().  This was previously believed to cause loss of
      performance, but this implementation has been tweaked by Tom and Andres
      so that on modern compilers it provides a slight improvement over the
      previous one.
      
      This lets us clean up some places that were already with
      localized hacks.
      
      Most of the pg_malloc/palloc changes in this patch were authored by
      Andres Freund. Zoltán Böszörményi also independently provided a form of
      that.  libpgcommon infrastructure was authored by Álvaro.
      8396447c
    • Peter Eisentraut's avatar
  2. 11 Feb, 2013 3 commits
    • Heikki Linnakangas's avatar
      Support unlogged GiST index. · 62401db4
      Heikki Linnakangas authored
      The reason this wasn't supported before was that GiST indexes need an
      increasing sequence to detect concurrent page-splits. In a regular WAL-
      logged GiST index, the LSN of the page-split record is used for that
      purpose, and in a temporary index, we can get away with a backend-local
      counter. Neither of those methods works for an unlogged relation.
      
      To provide such an increasing sequence of numbers, create a "fake LSN"
      counter that is saved and restored across shutdowns. On recovery, unlogged
      relations are blown away, so the counter doesn't need to survive that
      either.
      
      Jeevan Chalke, based on discussions with Robert Haas, Tom Lane and me.
      62401db4
    • Heikki Linnakangas's avatar
      Fix checkpoint after fast promotion. · b669f416
      Heikki Linnakangas authored
      The intention was to request a regular online checkpoint immediately after
      end of recovery, when performing "fast promotion". However, because the
      checkpoint was requested before other backends were allowed to write WAL,
      the checkpointer process performed a restartpoint rather than a checkpoint.
      
      Delay the RequestCheckPoint call until after recovery has truly ended, so
      that you get a real checkpoint.
      b669f416
    • Heikki Linnakangas's avatar
      Include previous TLI in end-of-recovery and shutdown checkpoint records. · 7803e932
      Heikki Linnakangas authored
      This isn't used for anything but a sanity check at the moment, but it could
      be highly valuable for debugging purposes. It could also be used to recreate
      timeline history by traversing WAL, which seems useful.
      7803e932
  3. 10 Feb, 2013 4 commits
    • Tom Lane's avatar
      Further cleanup of gistsplit.c. · c352ea2d
      Tom Lane authored
      After further reflection I was unconvinced that the existing coding is
      guaranteed to return valid union datums in every code path for multi-column
      indexes.  Fix that by forcing a gistunionsubkey() call at the end of the
      recursion.  Having done that, we can remove some clearly-redundant calls
      elsewhere.  This should be a little faster for multi-column indexes (since
      the previous coding would uselessly do such a call for each column while
      unwinding the recursion), as well as much harder to break.
      
      Also, simplify the handling of cases where one side or the other of a
      primary split contains only don't-care tuples.  The previous coding used a
      very ugly hack in removeDontCares() that essentially forced one random
      tuple to be treated as non-don't-care, providing a random initial choice of
      seed datum for the secondary split.  It seems unlikely that that method
      will give better-than-random splits.  Instead, treat such a split as
      degenerate and just let the next column determine the split, the same way
      that we handle fully degenerate cases where the two sides produce identical
      union datums.
      c352ea2d
    • Tom Lane's avatar
      Remove useless picksplit-doesn't-support-secondary-split log spam. · db3d7e9f
      Tom Lane authored
      This LOG message was put in over five years ago with the evident
      expectation that we'd make all GiST opclasses support secondary split
      directly.  However, no such thing ever happened, and indeed the number of
      opclasses supporting it decreased to zero in 9.2.  The reason is that
      improving on the default implementation isn't that easy --- the
      opclass-specific code that did exist, before 9.2, doesn't appear to have
      been any improvement over the default.
      
      Hence, remove the message altogether.  There's certainly no point in
      nagging users about this in released branches, but I doubt that we'll
      ever implement complete opclass-specific support anyway.
      db3d7e9f
    • Tom Lane's avatar
      Remove vestigial secondary-split support in gist_box_picksplit(). · dacc185f
      Tom Lane authored
      Not only is this implementation of secondary-split not better than the
      default implementation in gistsplit.c, it's actually worse.  The gistsplit.c
      code at least looks to see if switching the left and right sides would make
      a better merge with the previously-split tuples, while this doesn't.
      
      In any case it's rather useless to support secondary split only in an edge
      case.  There used to be more complete support for it here (in chooseLR()),
      but that was removed in commit 7f3bd868.
      It appears to me though that the chooseLR() code was really isomorphic to
      the default implementation, since it was still based on choosing the cheaper
      way of adding two sub-split vectors that had been chosen without regard to
      the primary split initially.  I think an implementation of secondary split
      that could beat the default implementation would have to be pretty fully
      integrated into the split algorithm, not plastered on at the end.
      
      Back-patch to 9.2, but not further; previous branches have the chooseLR()
      code which I don't feel a great need to mess with.  This is mainly so we
      just have two behaviors and not three among the various branches (IOW, this
      patch is cleanup for commit 7f3bd868's
      incomplete removal of secondary-split support).
      dacc185f
    • Tom Lane's avatar
      Document and clean up gistsplit.c. · 0fd0f368
      Tom Lane authored
      Improve comments, rename some variables and functions, slightly simplify
      a couple of APIs, in an attempt to make this code readable by people other
      than its original author.
      
      Even though this is essentially just cosmetic, back-patch to all active
      branches, because otherwise it's going to make back-patching future fixes
      in this file very painful.
      0fd0f368
  4. 09 Feb, 2013 5 commits
  5. 08 Feb, 2013 12 commits
    • Tom Lane's avatar
      Simplify box_overlap computations. · f806c191
      Tom Lane authored
      Given the assumption that a box's high coordinates are not less than its
      low coordinates, the tests in box_ov() are overly complicated and can be
      reduced to about half as much work.  Since many other functions in
      geo_ops.c rely on that assumption, there doesn't seem to be a good reason
      not to use it here.
      
      Per discussion of Alexander Korotkov's GiST fix, which was already using
      the simplified logic (in a non-fuzzy form, but the equivalence holds just
      as well for fuzzy).
      f806c191
    • Tom Lane's avatar
      Fix gist_box_same and gist_point_consistent to handle fuzziness correctly. · 3c29b196
      Tom Lane authored
      While there's considerable doubt that we want fuzzy behavior in the
      geometric operators at all (let alone as currently implemented), nobody is
      stepping forward to redesign that stuff.  In the meantime it behooves us
      to make sure that index searches agree with the behavior of the underlying
      operators.  This patch fixes two problems in this area.
      
      First, gist_box_same was using fuzzy equality, but it really needs to use
      exact equality to prevent not-quite-identical upper index keys from being
      treated as identical, which for example would prevent an existing upper
      key from being extended by an amount less than epsilon.  This would result
      in inconsistent indexes.  (The next release notes will need to recommend
      that users reindex GiST indexes on boxes, polygons, circles, and points,
      since all four opclasses use gist_box_same.)
      
      Second, gist_point_consistent used exact comparisons for upper-page
      comparisons in ~= searches, when it needs to use fuzzy comparisons to
      ensure it finds all matches; and it used fuzzy comparisons for point <@ box
      searches, when it needs to use exact comparisons because that's what the
      <@ operator (rather inconsistently) does.
      
      The added regression test cases illustrate all three misbehaviors.
      
      Back-patch to all active branches.  (8.4 did not have GiST point_ops,
      but it still seems prudent to apply the gist_box_same patch to it.)
      
      Alexander Korotkov, reviewed by Noah Misch
      3c29b196
    • Alvaro Herrera's avatar
      Clean up c.h / postgres.h after Assert() move · 381d4b70
      Alvaro Herrera authored
      Per Tom
      381d4b70
    • Alvaro Herrera's avatar
      Fix Xmax freeze conditions · 5766228b
      Alvaro Herrera authored
      I broke this in 0ac5ad51; previously, freezing a tuple marked with an
      IS_MULTI xmax was not necessary.
      
      Per brokenness report from Jeff Janes.
      5766228b
    • Tom Lane's avatar
      doc: Fix mistakes in the most recent set of release notes. · 335c5e92
      Tom Lane authored
      Improve description of the vacuum_freeze_table_age bug (it's much more
      serious than we realized at the time the fix was committed), and correct
      attribution of pg_upgrade -O/-o fix (Marti Raudsepp contributed that,
      but Bruce forgot to credit him in the commit log).
      
      No need to back-patch right now, it'll happen when the next set of
      release notes are prepared.
      335c5e92
    • Magnus Hagander's avatar
      Fix another typo in a comment · c572bfaf
      Magnus Hagander authored
      Noted by Thom Brown
      c572bfaf
    • Peter Eisentraut's avatar
      Exclude access/rmgrlist.h from cpluspluscheck · cf4d67e8
      Peter Eisentraut authored
      It is not meant to be included standalone.
      cf4d67e8
    • Peter Eisentraut's avatar
      scripts: Add build prerequisite on libpgport · 47601421
      Peter Eisentraut authored
      Without this, building in src/bin/scripts directly will fail if
      libpgport wasn't built first.  Other bin components are handled the same
      way.
      
      Phil Sorber
      47601421
    • Magnus Hagander's avatar
      Fix typo in comment · 733701d2
      Magnus Hagander authored
      Etsuro Fujita
      733701d2
    • Peter Eisentraut's avatar
      doc: Rewrite how to get the source code · 858ef718
      Peter Eisentraut authored
      Instead of hardcoding a specific link, give a general link to the
      download section of the web site.  This gives the user more download
      options and the sysadmins more flexibility.  Also, the previously
      presented link didn't work for devel versions.
      858ef718
    • Tom Lane's avatar
      Fix performance issue in EXPLAIN (ANALYZE, TIMING OFF). · bcc6c4c2
      Tom Lane authored
      Commit af7914c6, which added the TIMING
      option to EXPLAIN, had an oversight: if the TIMING option is disabled
      then control in InstrStartNode() goes through an elog(DEBUG2) call, which
      typically does nothing but takes a noticeable amount of time to do it.
      Tweak the logic to avoid that.
      
      In HEAD, also change the elog(DEBUG2)'s in instrument.c to elog(ERROR).
      It's not very clear why they weren't like that to begin with, but this
      episode shows that not complaining more vociferously about misuse is
      likely to do little except allow bugs to remain hidden.
      
      While at it, adjust some code that was making possibly-dangerous
      assumptions about flag bits being in the rightmost byte of the
      instrument_options word.
      
      Problem reported by Pavel Stehule (via Tomas Vondra).
      bcc6c4c2
    • Tom Lane's avatar
      Make contrib/btree_gist's GiST penalty function a bit saner. · 9221f9d4
      Tom Lane authored
      The previous coding supposed that the first differing bytes in two varlena
      datums must have the same sign difference as their overall comparison
      result.  This is obviously bogus for text strings in non-C locales, and
      probably wrong for numeric, and even for bytea I think it was wrong on
      machines where char is signed.  When the assumption failed, the function
      could deliver a zero or negative penalty in situations where such a result
      is quite ridiculous, leading the core GiST code to make very bad page-split
      decisions.
      
      To fix, take the absolute values of the byte-level differences.  Also,
      switch the code to using unsigned char not just char, so that the behavior
      will be consistent whether char is signed or not.
      
      Per investigation of a trouble report from Tomas Vondra.  Back-patch to all
      supported branches.
      9221f9d4
  6. 07 Feb, 2013 4 commits
    • Tom Lane's avatar
      Fix erroneous range-union logic for varlena types in contrib/btree_gist. · 94f565dc
      Tom Lane authored
      gbt_var_bin_union() failed to do the right thing when the existing range
      needed to be widened at both ends rather than just one end.  This could
      result in an invalid index in which keys that are present would not be
      found by searches, because the searches would not think they need to
      descend to the relevant leaf pages.  This error affected all the varlena
      datatypes supported by btree_gist (text, bytea, bit, numeric).
      
      Per investigation of a trouble report from Tomas Vondra.  (There is also
      an issue in gbt_var_penalty(), but that should only result in inefficiency
      not wrong answers.  I'm committing this separately so that we have a git
      state in which it can be tested that bad penalty results don't produce
      invalid indexes.)  Back-patch to all supported branches.
      94f565dc
    • Tom Lane's avatar
      Repair bugs in GiST page splitting code for multi-column indexes. · 166d534f
      Tom Lane authored
      When considering a non-last column in a multi-column GiST index,
      gistsplit.c tries to improve on the split chosen by the opclass-specific
      pickSplit function by considering penalties for the next column.  However,
      there were two bugs in this code: it failed to recompute the union keys for
      the leftmost index columns, even though these might well change after
      reassigning tuples; and it included the old union keys in the recomputation
      for the columns it did recompute, so that those keys couldn't get smaller
      even if they should.  The first problem could result in an invalid index
      in which searches wouldn't find index entries that are in fact present;
      the second would make the index less efficient to search.
      
      Both of these errors were caused by misuse of gistMakeUnionItVec, whose
      API was designed in a way that just begged such errors to be made.  There
      is no situation in which it's safe or useful to compute the union keys for
      a subset of the index columns, and there is no caller that wants any
      previous union keys to be included in the computation; so the undocumented
      choice to treat the union keys as in/out rather than pure output parameters
      is a waste of code as well as being dangerous.
      
      Hence, rather than just making a minimal patch, I've changed the API of
      gistMakeUnionItVec to remove the "startkey" parameter (it now always
      processes all index columns) and treat the attr/isnull arrays as purely
      output parameters.
      
      In passing, also get rid of a couple of unnecessary and dangerous uses
      of static variables in gistutil.c.  It's remarkable that the one in
      gistMakeUnionKey hasn't given us portability troubles before now, because
      in addition to posing a re-entrancy hazard, it was unsafely assuming that
      a static char[] array would have at least Datum alignment.
      
      Per investigation of a trouble report from Tomas Vondra.  (There are also
      some bugs in contrib/btree_gist to be fixed, but that seems like material
      for a separate patch.)  Back-patch to all supported branches.
      166d534f
    • Tom Lane's avatar
      Fix possible failure to send final transaction counts to stats collector. · c5aad8dc
      Tom Lane authored
      Normally, we suppress sending a tabstats message to the collector unless
      there were some actual table stats to send.  However, during backend exit
      we should force out the message if there are any transaction commit/abort
      counts to send, else the session's last few commit/abort counts will never
      get reported at all.  We had logic for this, but the short-circuit test
      at the top of pgstat_report_stat() ignored the "force" flag, with the
      consequence that session-ending transactions that touched no database-local
      tables would not get counted.  Seems to be an oversight in my commit
      641912b4, which added the "force" flag.
      That was back in 8.3, so back-patch to all supported versions.
      c5aad8dc
    • Simon Riggs's avatar
      Rely only on checkpoint 1 at end of recovery. · 072521b8
      Simon Riggs authored
      Searching for checkpoint 2 (previous) is not
      correct in all cases.
      
      Bug report from Heikki Linnakangas
      072521b8
  7. 06 Feb, 2013 3 commits
  8. 04 Feb, 2013 4 commits
    • Tom Lane's avatar
      Prevent execution of enum_recv() from SQL. · ab0f7b60
      Tom Lane authored
      This function was misdeclared to take cstring when it should take internal.
      This at least allows crashing the server, and in principle an attacker
      might be able to use the function to examine the contents of server memory.
      
      The correct fix is to adjust the system catalog contents (and fix the
      regression tests that should have caught this but failed to).  However,
      asking users to correct the catalog contents in existing installations
      is a pain, so as a band-aid fix for the back branches, install a check
      in enum_recv() to make it throw error if called with a cstring argument.
      We will later revert this in HEAD in favor of correcting the catalogs.
      
      Our thanks to Sumit Soni (via Secunia SVCRP) for reporting this issue.
      
      Security: CVE-2013-0255
      ab0f7b60
    • Tom Lane's avatar
    • Simon Riggs's avatar
      Reset vacuum_defer_cleanup_age to PGC_SIGHUP. · f480e294
      Simon Riggs authored
      Revert commit 84725aa5
      f480e294
    • Simon Riggs's avatar
      Reset master xmin when hot_standby_feedback disabled. · bd56e741
      Simon Riggs authored
      If walsender has xmin of standby then ensure we
      reset the value to 0 when we change from hot_standby_feedback=on
      to hot_standby_feedback=off.
      bd56e741
  9. 03 Feb, 2013 1 commit
    • Tom Lane's avatar
      Perform line wrapping and indenting by default in ruleutils.c. · 62e66640
      Tom Lane authored
      This patch changes pg_get_viewdef() and allied functions so that
      PRETTY_INDENT processing is always enabled.  Per discussion, only the
      PRETTY_PAREN processing (that is, stripping of "unnecessary" parentheses)
      poses any real forward-compatibility risk, so we may as well make dump
      output look as nice as we safely can.
      
      Also, set the default wrap length to zero (i.e, wrap after each SELECT
      or FROM list item), since there's no very principled argument for the
      former default of 80-column wrapping, and most people seem to agree this
      way looks better.
      
      Marko Tiikkaja, reviewed by Jeevan Chalke, further hacking by Tom Lane
      62e66640