1. 16 Jun, 2013 1 commit
  2. 15 Jun, 2013 4 commits
    • Tom Lane's avatar
      Use WaitLatch, not pg_usleep, for delaying in pg_sleep(). · a64ca63e
      Tom Lane authored
      This avoids platform-dependent behavior wherein pg_sleep() might fail to be
      interrupted by statement timeout, query cancel, SIGTERM, etc.  Also, since
      there's no reason to wake up once a second any more, we can reduce the
      power consumption of a sleeping backend a tad.
      
      Back-patch to 9.3, since use of SA_RESTART for SIGALRM makes this a bigger
      issue than it used to be.
      a64ca63e
    • Fujii Masao's avatar
      Fix pg_restore -l with the directory archive to display the correct format name. · f69aece6
      Fujii Masao authored
      Back-patch to 9.1 where the directory archive was introduced.
      f69aece6
    • Tom Lane's avatar
      Use SA_RESTART for all signals, including SIGALRM. · 873ab972
      Tom Lane authored
      The exclusion of SIGALRM dates back to Berkeley days, when Postgres used
      SIGALRM in only one very short stretch of code.  Nowadays, allowing it to
      interrupt kernel calls doesn't seem like a very good idea, since its use
      for statement_timeout means SIGALRM could occur anyplace in the code, and
      there are far too many call sites where we aren't prepared to deal with
      EINTR failures.  When third-party code is taken into consideration, it
      seems impossible that we ever could be fully EINTR-proof, so better to
      use SA_RESTART always and deal with the implications of that.  One such
      implication is that we should not assume pg_usleep() will be terminated
      early by a signal.  Therefore, long sleeps should probably be replaced
      by WaitLatch operations where practical.
      
      Back-patch to 9.3 so we can get some beta testing on this change.
      873ab972
    • Tom Lane's avatar
      Be consistent about #define'ing configure symbols as "1" not empty. · 5242fefb
      Tom Lane authored
      This is just neatnik-ism, since all the tests in the code are #ifdefs,
      but we shouldn't specify symbols as "Define to 1 ..." and then not
      actually define them that way.
      5242fefb
  3. 14 Jun, 2013 8 commits
    • Heikki Linnakangas's avatar
      Add :client_id automatic variable for custom pgbench scripts. · b2316088
      Heikki Linnakangas authored
      This makes it easier to write custom scripts that have different logic for
      each client.
      
      Gurjeet Singh, with some changes by me.
      b2316088
    • Tom Lane's avatar
    • Tom Lane's avatar
      8a3f0894
    • Tom Lane's avatar
      Stamp HEAD as 9.4devel. · 58ae1f45
      Tom Lane authored
      Let the hacking begin ...
      58ae1f45
    • Tom Lane's avatar
      Avoid deadlocks during insertion into SP-GiST indexes. · e472b921
      Tom Lane authored
      SP-GiST's original scheme for avoiding deadlocks during concurrent index
      insertions doesn't work, as per report from Hailong Li, and there isn't any
      evident way to make it work completely.  We could possibly lock individual
      inner tuples instead of their whole pages, but preliminary experimentation
      suggests that the performance penalty would be huge.  Instead, if we fail
      to get a buffer lock while descending the tree, just restart the tree
      descent altogether.  We keep the old tuple positioning rules, though, in
      hopes of reducing the number of cases where this can happen.
      
      Teodor Sigaev, somewhat edited by Tom Lane
      e472b921
    • Tom Lane's avatar
      Remove special-case treatment of LOG severity level in standalone mode. · c62866ee
      Tom Lane authored
      elog.c has historically treated LOG messages as low-priority during
      bootstrap and standalone operation.  This has led to confusion and even
      masked a bug, because the normal expectation of code authors is that
      elog(LOG) will put something into the postmaster log, and that wasn't
      happening during initdb.  So get rid of the special-case rule and make
      the priority order the same as it is in normal operation.  To keep from
      cluttering initdb's output and the behavior of a standalone backend,
      tweak the severity level of three messages routinely issued by xlog.c
      during startup and shutdown so that they won't appear in these cases.
      Per my proposal back in December.
      c62866ee
    • Tom Lane's avatar
      Refactor checksumming code to make it easier to use externally. · f0421634
      Tom Lane authored
      pg_filedump and other external utility programs are likely to want to be
      able to check Postgres page checksums.  To avoid messy duplication of code,
      move the checksumming functionality into an exported header file, much as
      we did awhile back for the CRC code.
      
      In passing, get rid of an unportable assumption that a static char[] array
      will be word-aligned, and do some other minor code beautification.
      f0421634
    • Peter Eisentraut's avatar
      PL/Python: Fix type mixup · fa2fc066
      Peter Eisentraut authored
      Memory was allocated based on the sizeof a type that was not the type of
      the pointer that the result was being assigned to.  The types happen to
      be of the same size, but it's still wrong.
      fa2fc066
  4. 13 Jun, 2013 1 commit
    • Tom Lane's avatar
      Only install a portal's ResourceOwner if it actually has one. · 629b3e96
      Tom Lane authored
      In most scenarios a portal without a ResourceOwner is dead and not subject
      to any further execution, but a portal for a cursor WITH HOLD remains in
      existence with no ResourceOwner after the creating transaction is over.
      In this situation, if we attempt to "execute" the portal directly to fetch
      data from it, we were setting CurrentResourceOwner to NULL, leading to a
      segfault if the datatype output code did anything that required a resource
      owner (such as trying to fetch system catalog entries that weren't already
      cached).  The case appears to be impossible to provoke with stock libpq,
      but psqlODBC at least is able to cause it when working with held cursors.
      
      Simplest fix is to just skip the assignment to CurrentResourceOwner, so
      that any resources used by the data output operations will be managed by
      the transaction-level resource owner instead.  For consistency I changed
      all the places that install a portal's resowner as current, even though
      some of them are probably not reachable with a held cursor's portal.
      
      Per report from Joshua Berry (with thanks to Hiroshi Inoue for developing
      a self-contained test case).  Back-patch to all supported versions.
      629b3e96
  5. 12 Jun, 2013 8 commits
    • Noah Misch's avatar
      Avoid reading past datum end when parsing JSON. · 66008564
      Noah Misch authored
      Several loops in the JSON parser examined a byte in memory just before
      checking whether its address was in-bounds, so they could read one byte
      beyond the datum's allocation.  A SIGSEGV is possible.  New in 9.3, so
      no back-patch.
      66008564
    • Noah Misch's avatar
      Avoid reading below the start of a stack variable in tokenize_file(). · 3a5d0c55
      Noah Misch authored
      We would wrongly overwrite the prior stack byte if it happened to
      contain '\n' or '\r'.  New in 9.3, so no back-patch.
      3a5d0c55
    • Noah Misch's avatar
      Don't pass oidvector by value. · 813895e4
      Noah Misch authored
      Since the structure ends with a flexible array, doing so truncates any
      vector having more than one element.  New in 9.3, so no back-patch.
      813895e4
    • Noah Misch's avatar
      Observe array length in HaveVirtualXIDsDelayingChkpt(). · fb435f40
      Noah Misch authored
      Since commit f21bb9cf, this function
      ignores the caller-provided length and loops until it finds a
      terminator, which GetVirtualXIDsDelayingChkpt() never adds.  Restore the
      previous loop control logic.  In passing, revert the addition of an
      unused variable by the same commit, presumably a debugging relic.
      fb435f40
    • Noah Misch's avatar
      Don't use ordinary NULL-terminated strings as Name datums. · ff53890f
      Noah Misch authored
      Consumers are entitled to read the full 64 bytes pertaining to a Name;
      using a shorter NULL-terminated string leads to reading beyond the end
      its allocation; a SIGSEGV is possible.  Use the frequent idiom of
      copying to a NameData on the stack.  New in 9.3, so no back-patch.
      ff53890f
    • Tom Lane's avatar
      Improve updatability checking for views and foreign tables. · dc3eb563
      Tom Lane authored
      Extend the FDW API (which we already changed for 9.3) so that an FDW can
      report whether specific foreign tables are insertable/updatable/deletable.
      The default assumption continues to be that they're updatable if the
      relevant executor callback function is supplied by the FDW, but finer
      granularity is now possible.  As a test case, add an "updatable" option to
      contrib/postgres_fdw.
      
      This patch also fixes the information_schema views, which previously did
      not think that foreign tables were ever updatable, and fixes
      view_is_auto_updatable() so that a view on a foreign table can be
      auto-updatable.
      
      initdb forced due to changes in information_schema views and the functions
      they rely on.  This is a bit unfortunate to do post-beta1, but if we don't
      change this now then we'll have another API break for FDWs when we do
      change it.
      
      Dean Rasheed, somewhat editorialized on by Tom Lane
      dc3eb563
    • Andrew Dunstan's avatar
      Fix unescaping of JSON Unicode escapes, especially for non-UTF8. · 78ed8e03
      Andrew Dunstan authored
      Per discussion  on -hackers. We treat Unicode escapes when unescaping
      them similarly to the way we treat them in PostgreSQL string literals.
      Escapes in the ASCII range are always accepted, no matter what the
      database encoding. Escapes for higher code points are only processed in
      UTF8 databases, and attempts to process them in other databases will
      result in an error. \u0000 is never unescaped, since it would result in
      an impermissible null byte.
      78ed8e03
    • Robert Haas's avatar
      Improve description of loread/lowrite. · c1d729b4
      Robert Haas authored
      Patch by me, reviewed by Tatsuo Ishii.
      c1d729b4
  6. 11 Jun, 2013 2 commits
    • Tom Lane's avatar
      Fix cache flush hazard in cache_record_field_properties(). · e262755b
      Tom Lane authored
      We need to increment the refcount on the composite type's cached tuple
      descriptor while we do lookups of its column types.  Otherwise a cache
      flush could occur and release the tuple descriptor before we're done with
      it.  This fails reliably with -DCLOBBER_CACHE_ALWAYS, but the odds of a
      failure in a production build seem rather low (since the pfree'd descriptor
      typically wouldn't get scribbled on immediately).  That may explain the
      lack of any previous reports.  Buildfarm issue noted by Christian Ullrich.
      
      Back-patch to 9.1 where the bogus code was added.
      e262755b
    • Tatsuo Ishii's avatar
      Add description that loread()/lowrite() are corresponding to · ecdec470
      Tatsuo Ishii authored
      lo_read()/lo_write() in libpq to avoid confusion.
      ecdec470
  7. 10 Jun, 2013 2 commits
    • Fujii Masao's avatar
      Fix pg_isready to handle conninfo properly. · 941c4ece
      Fujii Masao authored
      pg_isready displays the host name and the port number that it uses to connect
      to the server. So far, pg_isready didn't use the conninfo specified in -d option
      for calculating those host name and port number. This can lead to wrong display
      to a user. This commit changes pg_isready so that it uses the conninfo for that
      calculation.
      
      Original patch by Phil Sorber, modified by me.
      941c4ece
    • Joe Conway's avatar
      Fix ordering of obj id for Rules and EventTriggers in pg_dump. · 33a4466f
      Joe Conway authored
      getSchemaData() must identify extension member objects and mark them
      as not to be dumped. This must happen after reading all objects that can be
      direct members of extensions, but before we begin to process table subsidiary
      objects. Both rules and event triggers were wrong in this regard.
      
      Backport rules portion of patch to 9.1 -- event triggers do not exist prior to 9.3.
      Suggested fix by Tom Lane, initial complaint and patch by me.
      33a4466f
  8. 09 Jun, 2013 4 commits
    • Tom Lane's avatar
      Tweak postgres_fdw regression test so autovacuum doesn't change results. · e0b451e4
      Tom Lane authored
      Autovacuum occurring while the test runs could allow some of the inserts to
      go into recycled space, thus changing the output ordering of later queries.
      While we could complicate those queries to force sorting of their output
      rows, it doesn't seem like that would make the test better in any
      meaningful way, and conceivably it could hide unexpected diffs.  Instead,
      tweak the affected queries so that the inserted rows aren't updated by the
      following UPDATE.  Per buildfarm.
      e0b451e4
    • Tom Lane's avatar
      Remove unnecessary restrictions about RowExprs in transformAExprIn(). · a4424c57
      Tom Lane authored
      When the existing code here was written, it made sense to special-case
      RowExprs because that was the only way that we could handle row comparisons
      at all.  Now that we have record_eq() and arrays of composites, the generic
      logic for "scalar" types will in fact work on RowExprs too, so there's no
      reason to throw error for combinations of RowExprs and other ways of
      forming composite values, nor to ignore the possibility of using a
      ScalarArrayOpExpr.  But keep using the old logic when comparing two
      RowExprs, for consistency with the main transformAExprOp() logic.  (This
      allows some cases with not-quite-identical rowtypes to succeed, so we might
      get push-back if we removed it.)  Per bug #8198 from Rafal Rzepecki.
      
      Back-patch to all supported branches, since this works fine as far back as
      8.4.
      
      Rafal Rzepecki and Tom Lane
      a4424c57
    • Tom Lane's avatar
      Remove ALTER DEFAULT PRIVILEGES' requirement of schema CREATE permissions. · f3839ea1
      Tom Lane authored
      Per discussion, this restriction isn't needed for any real security reason,
      and it seems to confuse people more often than it helps them.  It could
      also result in some database states being unrestorable.  So just drop it.
      
      Back-patch to 9.0, where ALTER DEFAULT PRIVILEGES was introduced.
      f3839ea1
    • Tom Lane's avatar
      Remove fixed limit on the number of concurrent AllocateFile() requests. · 007556bf
      Tom Lane authored
      AllocateFile(), AllocateDir(), and some sister routines share a small array
      for remembering requests, so that the files can be closed on transaction
      failure.  Previously that array had a fixed size, MAX_ALLOCATED_DESCS (32).
      While historically that had seemed sufficient, Steve Toutant pointed out
      that this meant you couldn't scan more than 32 file_fdw foreign tables in
      one query, because file_fdw depends on the COPY code which uses
      AllocateFile().  There are probably other cases, or will be in the future,
      where this nonconfigurable limit impedes users.
      
      We can't completely remove any such limit, at least not without a lot of
      work, since each such request requires a kernel file descriptor and most
      platforms limit the number we can have.  (In principle we could
      "virtualize" these descriptors, as fd.c already does for the main VFD pool,
      but not without an additional layer of overhead and a lot of notational
      impact on the calling code.)  But we can at least let the array size be
      configurable.  Hence, change the code to allow up to max_safe_fds/2
      allocated file requests.  On modern platforms this should allow several
      hundred concurrent file_fdw scans, or more if one increases the value of
      max_files_per_process.  To go much further than that, we'd need to do some
      more work on the data structure, since the current code for closing
      requests has potentially O(N^2) runtime; but it should still be all right
      for request counts in this range.
      
      Back-patch to 9.1 where contrib/file_fdw was introduced.
      007556bf
  9. 08 Jun, 2013 3 commits
    • Andrew Dunstan's avatar
      Don't downcase non-ascii identifier chars in multi-byte encodings. · d535136b
      Andrew Dunstan authored
      Long-standing code has called tolower() on identifier character bytes
      with the high bit set. This is clearly an error and produces junk output
      when the encoding is multi-byte. This patch therefore restricts this
      activity to cases where there is a character with the high bit set AND
      the encoding is single-byte.
      
      There have been numerous gripes about this, most recently from Martin
      Schäfer.
      
      Backpatch to all live releases.
      d535136b
    • Andrew Dunstan's avatar
      Handle Unicode surrogate pairs correctly when processing JSON. · 94e3311b
      Andrew Dunstan authored
      In 9.2, Unicode escape sequences are not analysed at all other than
      to make sure that they are in the form \uXXXX. But in 9.3 many of the
      new operators and functions try to turn JSON text values into text in
      the server encoding, and this includes de-escaping Unicode escape
      sequences. This processing had not taken into account the possibility
      that this might contain a surrogate pair to designate a character
      outside the BMP. That is now handled correctly.
      
      This also enforces correct use of surrogate pairs, something that is not
      done by the type's input routines. This fact is noted in the docs.
      94e3311b
    • Peter Eisentraut's avatar
      doc: Fix <synopsis> in <term> markup · c99d5d1b
      Peter Eisentraut authored
      Although the DTD technically allows this, the resulting HTML is invalid
      because it puts block elements inside inline elements.  DocBook 5.0 also
      doesn't allow it anymore, so it's fair to assume that this was never
      really intended to work.  Replace <synopsis> with <literal>, which is
      the markup used elsewhere in the documentation in similar cases.
      c99d5d1b
  10. 07 Jun, 2013 3 commits
  11. 06 Jun, 2013 4 commits
    • Heikki Linnakangas's avatar
      Fix typo in comment. · f73cb556
      Heikki Linnakangas authored
      f73cb556
    • Robert Haas's avatar
      a6370fd9
    • Bruce Momjian's avatar
      pg_upgrade: document that --link should be used with --check · e2c84bc9
      Bruce Momjian authored
      Backpatch to 9.2.
      e2c84bc9
    • Tom Lane's avatar
      Prevent pushing down WHERE clauses into unsafe UNION/INTERSECT nests. · 964c0d0f
      Tom Lane authored
      The planner is aware that it mustn't push down upper-level quals into
      subqueries if the quals reference subquery output columns that contain
      set-returning functions or volatile functions, or are non-DISTINCT outputs
      of a DISTINCT ON subquery.  However, it missed making this check when
      there were one or more levels of UNION or INTERSECT above the dangerous
      expression.  This could lead to "set-valued function called in context that
      cannot accept a set" errors, as seen in bug #8213 from Eric Soroos, or to
      silently wrong answers in the other cases.
      
      To fix, refactor the checks so that we make the column-is-unsafe checks
      during subquery_is_pushdown_safe(), which already has to recursively
      inspect all arms of a set-operation tree.  This makes
      qual_is_pushdown_safe() considerably simpler, at the cost that we will
      spend some cycles checking output columns that possibly aren't referenced
      in any upper qual.  But the cases where this code gets executed at all
      are already nontrivial queries, so it's unlikely anybody will notice any
      slowdown of planning.
      
      This has been broken since commit 05f916e6,
      which makes the bug over ten years old.  A bit surprising nobody noticed it
      before now.
      964c0d0f