1. 07 May, 2009 1 commit
    • Heikki Linnakangas's avatar
      Request XLOG switch before writing checkpoint in pg_start_backup(). Otherwise · 223431cb
      Heikki Linnakangas authored
      you can end up with an unrecoverable backup if you start a new base backup
      right after finishing archive recovery. In that scenario, the redo pointer of
      the checkpoint that pg_start_backup() writes points to the XLOG segment where
      the timeline-changing end-of-archive-recovery checkpoint is. The beginning
      of that segment contains pages with the old timeline ID, and we don't accept
      that in recovery unless we find a history file covering the old timeline ID.
      If you omit pg_xlog from the base backup and clear the archive directory
      before starting the backup, there will be no such history file available.
      
      The bug is present in all versions since PITR was introduced in 8.0, but I'm
      back-patching only back to 8.2. Earlier versions didn't have XLOG switch
      records, making this fix unfeasible. Given the lack of reports until now,
      it doesn't seem worthwhile to spend more effort to fix 8.0 and 8.1.
      
      Per report and suggestion by Mikael Krantz
      223431cb
  2. 06 May, 2009 3 commits
    • Tom Lane's avatar
      Tweak distribute_qual_to_rels so that when we decide a pseudoconstant qual · 1f36fece
      Tom Lane authored
      can be pushed to the top of the join tree, we update both the relids and
      qualscope variables to keep them in sync.  This prevents a possible later
      failure of an Assert clause, and affects nothing else since qualscope isn't
      used later except for that Assert.  At the moment the Assert shouldn't be
      reachable when we've pushed the qual up; but this is cheap insurance, and
      it's more sensible anyway in terms of the overall logic of the routine.
      Per analysis of a bug report from Stefan Huehner.
      
      I'm not back-patching this since it's just future-proofing; but if anyone
      gets tempted to change check_outerjoin_delay again in the back branches,
      this might be needed.
      1f36fece
    • Tom Lane's avatar
      Modify CREATE DATABASE to enforce that the source database's encoding setting · 421c66b7
      Tom Lane authored
      must be used for the new database, except when copying from template0.
      This is the same rule that we now enforce for locale settings, and it has
      the same motivation: databases other than template0 might contain data that
      would be invalid according to a different setting.  This represents another
      step in a continuing process of locking down ways in which encoding violations
      could occur inside the backend.  Per discussion of a few days ago.
      
      In passing, fix pre-existing breakage of mbregress.sh, and fix up a couple
      of ereport() calls in dbcommands.c that failed to specify sqlstate codes.
      421c66b7
    • Tom Lane's avatar
      Fix ecpg tests for change that disallowed Unicode literals unless · ab4e386a
      Tom Lane authored
      standard_conforming_strings is on.
      ab4e386a
  3. 05 May, 2009 11 commits
    • Tom Lane's avatar
      Tweak a comment to agree a bit better with the new dispensation that · d7ee3355
      Tom Lane authored
      locales are database-wide, not server-wide.
      d7ee3355
    • Tom Lane's avatar
      Minor improvement: avoid assuming that GetLastError value cannot be · 2fe0f296
      Tom Lane authored
      affected by CloseHandle() or Sleep().
      2fe0f296
    • Tom Lane's avatar
      Make new complaint about unsafe Unicode literals include an error location. · 1bbbcb04
      Tom Lane authored
      Every other ereport in scan.l has one, this should too.
      1bbbcb04
    • Tom Lane's avatar
      Install an atexit(2) callback that ensures that proc_exit's cleanup processing · 249a899f
      Tom Lane authored
      will still be performed if something in a backend process calls exit()
      directly, instead of going through proc_exit() as we prefer.  This is a second
      response to the issue that we might load third-party code that doesn't know it
      should not call exit().  Such a call will now cause a reasonably graceful
      backend shutdown, if possible.  (Of course, if the reason for the exit() call
      is out-of-memory or some such, we might not be able to recover, but at least
      we will try.)
      249a899f
    • Tom Lane's avatar
      Install a "dead man switch" to allow the postmaster to detect cases where · 969d7cd4
      Tom Lane authored
      a backend has done exit(0) or exit(1) without having disengaged itself
      from shared memory.  We are at risk for this whenever third-party code is
      loaded into a backend, since such code might not know it's supposed to go
      through proc_exit() instead.  Also, it is reported that under Windows
      there are ways to externally kill a process that cause the status code
      returned to the postmaster to be indistinguishable from a voluntary exit
      (thank you, Microsoft).  If this does happen then the system is probably
      hosed --- for instance, the dead session might still be holding locks.
      So the best recovery method is to treat this like a backend crash.
      
      The dead man switch is armed for a particular child process when it
      acquires a regular PGPROC, and disarmed when the PGPROC is released;
      these should be the first and last touches of shared memory resources
      in a backend, or close enough anyway.  This choice means there is no
      coverage for auxiliary processes, but I doubt we need that, since they
      shouldn't be executing any user-provided code anyway.
      
      This patch also improves the management of the EXEC_BACKEND
      ShmemBackendArray array a bit, by reducing search costs.
      
      Although this problem is of long standing, the lack of field complaints
      seems to mean it's not critical enough to risk back-patching; at least
      not till we get some more testing of this mechanism.
      969d7cd4
    • Tom Lane's avatar
      Insert CHECK_FOR_INTERRUPTS() calls into btree and hash index scans at the · 8f348112
      Tom Lane authored
      points where we step right or left to the next page.  This should ensure
      reasonable response time to a query cancel request during an unsuccessful
      index scan, as seen in recent gripe from Marc Cousin.  It's a bit trickier
      than it might seem at first glance, because CHECK_FOR_INTERRUPTS() is a no-op
      if executed while holding a buffer lock.  So we have to do it just at the
      point where we've dropped one page lock and not yet acquired the next.
      
      Remove CHECK_FOR_INTERRUPTS calls at the top level of btgetbitmap and
      hashgetbitmap, since they're pointless given the added checks.
      
      I think that GIST is okay already --- at least, there's a CHECK_FOR_INTERRUPTS
      at a plausible-looking place in gistnext().  I don't claim to know GIN well
      enough to try to poke it for this, if indeed it has a problem at all.
      
      This is a pre-existing issue, but in view of the lack of prior complaints
      I'm not going to risk back-patching.
      8f348112
    • Tom Lane's avatar
      Update comment for _bt_relandgetbuf. · 2aa5ca95
      Tom Lane authored
      2aa5ca95
    • Peter Eisentraut's avatar
      Disable the use of Unicode escapes in string constants (U&'') when · 40bc4c26
      Peter Eisentraut authored
      standard_conforming_strings is not on, for security reasons.
      40bc4c26
    • Tom Lane's avatar
      Avoid integer overflow in the loop that extracts histogram entries from · 616bceb8
      Tom Lane authored
      ANALYZE's total sample.  The original coding is at risk of overflow for
      statistics targets exceeding about 2675; this was not a problem before
      8.4 but it is now.  Per bug #4793 from Dennis Noordsij.
      616bceb8
    • Magnus Hagander's avatar
      Make the win32 shared memory code try 10 times instead of one if · 5d540add
      Magnus Hagander authored
      it fails because the shared memory segment already exists. This
      means it can take up to 10 seconds before it reports the error
      if it *does* exist, but hopefully it will make the system capable
      of restarting even when the server is under high load.
      5d540add
    • Tom Lane's avatar
      Code review for \df rewrite: fix assorted bugs, make type and · 9f4e9bfa
      Tom Lane authored
      volatility columns localizable.
      9f4e9bfa
  4. 04 May, 2009 6 commits
  5. 03 May, 2009 6 commits
  6. 02 May, 2009 4 commits
    • Tom Lane's avatar
      Install some simple defenses in postmaster startup to help ensure a useful · d90984f4
      Tom Lane authored
      error message if the installation directory layout is messed up (or at least,
      something more useful than the behavior exhibited in bug #4787).  During
      postmaster startup, check that get_pkglib_path resolves as a readable
      directory; and if ParseTzFile() fails to open the expected timezone
      abbreviation file, check the possibility that the directory is missing rather
      than just the specified file.  In case of either failure, issue a hint
      suggesting that the installation is broken.  These two checks cover the lib/
      and share/ trees of a full installation, which should take care of most
      scenarios where a sysadmin decides to get cute.
      d90984f4
    • Tom Lane's avatar
      We don't need major_release_split any more. · a16e007c
      Tom Lane authored
      a16e007c
    • Tom Lane's avatar
      Split the release notes into a separate file for each (active) major branch, · 008fad58
      Tom Lane authored
      as per my recent proposal.  release.sgml itself is now just a stub that should
      change rarely; ideally, only once per major release to add a new include line.
      Most editing work will occur in the release-N.N.sgml files.  To update a back
      branch for a minor release, just copy the appropriate release-N.N.sgml
      file(s) into the back branch.
      
      This commit doesn't change the end-product documentation at all, only the
      source layout.  However, it makes it easy to start omitting ancient information
      from newer branches' documentation, should we ever decide to do that.
      008fad58
    • Tom Lane's avatar
      Fix plpgsql's EXIT so that an EXIT without a label only matches a loop, · c91bf01b
      Tom Lane authored
      never a BEGIN block.  This is required for Oracle compatibility and is
      also plainly stated to be the behavior by our original documentation
      (up until 8.1, in which the docs were adjusted to match the code's behavior;
      but actually the old docs said the correct thing and the code was wrong).
      
      Not back-patched because this introduces an incompatibility that could
      break working applications.  Requires release note.
      c91bf01b
  7. 01 May, 2009 2 commits
    • Tom Lane's avatar
      Fix a couple of cases where the plpgsql grammar looked for T_WORD and · ccc6759d
      Tom Lane authored
      failed to consider the possibility that it would get T_SCALAR, T_RECORD,
      or T_ROW instead because the word happens to match a plpgsql variable name.
      In particular, give "duplicate declaration" rather than generic "syntax error"
      if the same identifier is declared twice in the same block, as per my recent
      complaint.  Also behave more sanely when decl_aliasitem or proc_condition or
      opt_lblname is coincidentally not T_WORD.  Refactor the related productions a
      bit to reduce duplication.
      
      This is a longstanding bug, but it doesn't seem critical enough to
      back-patch.
      ccc6759d
    • Tom Lane's avatar
      When checking for datetime field overflow, we should allow a fractional-second · fe1b07a6
      Tom Lane authored
      part that rounds up to exactly 1.0 second.  The previous coding rejected input
      like "00:12:57.9999999999999999999999999999", with the exact number of nines
      needed to cause failure varying depending on float-timestamp option and
      possibly on platform.  Obviously this should round up to the next integral
      second, if we don't have enough precision to distinguish the value from that.
      Per bug #4789 from Robert Kruus.
      
      In passing, fix a missed check for fractional seconds in one copy of the
      "is it greater than 24:00:00" code.
      
      Broken all the way back, so patch all the way back.
      fe1b07a6
  8. 30 Apr, 2009 1 commit
  9. 29 Apr, 2009 1 commit
    • Heikki Linnakangas's avatar
      Add check_keyword.pl script to perform some basic sanity checks to the · 19499bf9
      Heikki Linnakangas authored
      keyword lists in gram.y and kwlist.h. It checks that all lists are in
      alphabetical order, and that all keywords present in gram.y are listed
      in kwlist.h in the right category, and that all keywords in kwlist.h are
      also in gram.y. What's still missing is to check that all keywords
      defined  with "%token <keyword>" in gram.y are present in one of the
      keyword lists in gram.y.
      19499bf9
  10. 28 Apr, 2009 4 commits
  11. 27 Apr, 2009 1 commit