1. 28 Sep, 2016 4 commits
    • Robert Haas's avatar
      worker_spi: Call pgstat_report_stat. · 4929704a
      Robert Haas authored
      Without this, statistics changes accumulated by the worker never get
      reported to the stats collector, which is bad.
      
      Julien Rouhaud
      4929704a
    • Peter Eisentraut's avatar
      Fix CRC check handling in get_controlfile · e79e6c4d
      Peter Eisentraut authored
      The previous patch broke this by returning NULL for a failed CRC check,
      which pg_controldata would then try to read.  Fix by returning the
      result of the CRC check in a separate argument.
      
      Michael Paquier and myself
      e79e6c4d
    • Robert Haas's avatar
      Fix dangling pointer problem in ReorderBufferSerializeChange. · 308985b0
      Robert Haas authored
      Commit 3fe3511d introduced a new
      case into this function, but neglected to ensure that the "ondisk"
      pointer got updated after a possible reallocation as the code does
      in other cases.
      
      Stas Kelvich, per diagnosis by Konstantin Knizhnik.
      308985b0
    • Heikki Linnakangas's avatar
      Turn password_encryption GUC into an enum. · babe05bc
      Heikki Linnakangas authored
      This makes the parameter easier to extend, to support other password-based
      authentication protocols than MD5. (SCRAM is being worked on.)
      
      The GUC still accepts on/off as aliases for "md5" and "plain", although
      we may want to remove those once we actually add support for another
      password hash type.
      
      Michael Paquier, reviewed by David Steele, with some further edits by me.
      
      Discussion: <CAB7nPqSMXU35g=W9X74HVeQp0uvgJxvYOuA4A-A3M+0wfEBv-w@mail.gmail.com>
      babe05bc
  2. 27 Sep, 2016 6 commits
    • Tom Lane's avatar
      Disallow pushing volatile quals past set-returning functions. · 72daabc7
      Tom Lane authored
      Pushing an upper-level restriction clause into an unflattened
      subquery-in-FROM is okay when the subquery contains no SRFs in its
      targetlist, or when it does but the SRFs are unreferenced by the clause
      *and the clause is not volatile*.  Otherwise, we're changing the number
      of times the clause is evaluated, which is bad for volatile quals, and
      possibly changing the result, since a volatile qual might succeed for some
      SRF output rows and not others despite not referencing any of the changing
      columns.  (Indeed, if the clause is something like "random() > 0.5", the
      user is probably expecting exactly that behavior.)
      
      We had most of these restrictions down, but not the one about the upper
      clause not being volatile.  Fix that, and add a regression test to
      illustrate the expected behavior.
      
      Although this is definitely a bug, it doesn't seem like back-patch
      material, since possibly some users don't realize that the broken
      behavior is broken and are relying on what happens now.  Also, while
      the added test is quite cheap in the wake of commit a4c35ea1, it would
      be much more expensive (or else messier) in older branches.
      
      Per report from Tom van Tilburg.
      
      Discussion: <CAP3PPDiucxYCNev52=YPVkrQAPVF1C5PFWnrQPT7iMzO1fiKFQ@mail.gmail.com>
      72daabc7
    • Tom Lane's avatar
      Make struct ParallelSlot private within pg_dump/parallel.c. · 0109ab27
      Tom Lane authored
      The only field of this struct that other files have any need to touch
      is the pointer to the TocEntry a worker is working on.  (Well,
      pg_backup_archiver.c is actually looking at workerStatus too, but that
      can be finessed by specifying that the TocEntry pointer is NULL for a
      non-busy worker.)
      
      Hence, move out the TocEntry pointers to a separate array within
      struct ParallelState, and then we can make struct ParallelSlot private.
      
      I noted the possibility of this previously, but hadn't got round to
      actually doing it.
      
      Discussion: <1188.1464544443@sss.pgh.pa.us>
      0109ab27
    • Tom Lane's avatar
      Rationalize parallel dump/restore's handling of worker cmd/status messages. · fb03d08a
      Tom Lane authored
      The existing APIs for creating and parsing command and status messages are
      rather messy; for example, archive-format modules have to provide code
      for constructing command messages, which is entirely pointless since
      the code to read them is hard-wired in WaitForCommands() and hence
      no format-specific variation is actually possible.  But there's little
      foreseeable reason to need format-specific variation anyway.
      
      The situation for status messages is no better; at least those are both
      constructed and parsed by format-specific code, but said code is quite
      redundant since there's no actual need for format-specific variation.
      
      To add insult to injury, the first API involves returning pointers to
      static buffers, which is bad, while the second involves returning pointers
      to malloc'd strings, which is safer but randomly inconsistent.
      
      Hence, get rid of the MasterStartParallelItem and MasterEndParallelItem
      APIs, and instead write centralized functions that construct and parse
      command and status messages.  If we ever do need more flexibility, these
      functions can be the standard implementations of format-specific
      callback methods, but that's a long way off if it ever happens.
      
      Tom Lane, reviewed by Kevin Grittner
      
      Discussion: <17340.1464465717@sss.pgh.pa.us>
      fb03d08a
    • Tom Lane's avatar
      Redesign parallel dump/restore's wait-for-workers logic. · b7b8cc0c
      Tom Lane authored
      The ListenToWorkers/ReapWorkerStatus APIs were messy and hard to use.
      Instead, make DispatchJobForTocEntry register a callback function that
      will take care of state cleanup, doing whatever had been done by the caller
      of ReapWorkerStatus in the old design.  (This callback is essentially just
      the old mark_work_done function in the restore case, and a trivial test for
      worker failure in the dump case.)  Then we can have ListenToWorkers call
      the callback immediately on receipt of a status message, and return the
      worker to WRKR_IDLE state; so the WRKR_FINISHED state goes away.
      
      This allows us to design a unified wait-for-worker-messages loop:
      WaitForWorkers replaces EnsureIdleWorker and EnsureWorkersFinished as well
      as the mess in restore_toc_entries_parallel.  Also, we no longer need the
      fragile API spec that the caller of DispatchJobForTocEntry is responsible
      for ensuring there's an idle worker, since DispatchJobForTocEntry can just
      wait until there is one.
      
      In passing, I got rid of the ParallelArgs struct, which was a net negative
      in terms of notational verboseness, and didn't seem to be providing any
      noticeable amount of abstraction either.
      
      Tom Lane, reviewed by Kevin Grittner
      
      Discussion: <1188.1464544443@sss.pgh.pa.us>
      b7b8cc0c
    • Tom Lane's avatar
      Improve contrib/cube's handling of zero-D cubes, infinities, and NaNs. · f31a931f
      Tom Lane authored
      It's always been possible to create a zero-dimensional cube by converting
      from a zero-length float8 array, but cube_in failed to accept the '()'
      representation that cube_out produced for that case, resulting in a
      dump/reload hazard.  Make it accept the case.  Also fix a couple of
      other places that didn't behave sanely for zero-dimensional cubes:
      cube_size would produce 1.0 when surely the answer should be 0.0,
      and g_cube_distance risked a divide-by-zero failure.
      
      Likewise, it's always been possible to create cubes containing float8
      infinity or NaN coordinate values, but cube_in couldn't parse such input,
      and cube_out produced platform-dependent spellings of the values.  Convert
      them to use float8in_internal and float8out_internal so that the behavior
      will be the same as for float8, as we recently did for the core geometric
      types (cf commit 50861cd6).  As in that commit, I don't pretend that this
      patch fixes all insane corner-case behaviors that may exist for NaNs, but
      it's a step forward.
      
      (This change allows removal of the separate cube_1.out and cube_3.out
      expected-files, as the platform dependency that previously required them
      is now gone: an underflowing coordinate value will now produce an error
      not plus or minus zero.)
      
      Make errors from cube_in follow project conventions as to spelling
      ("invalid input syntax for cube" not "bad cube representation")
      and errcode (INVALID_TEXT_REPRESENTATION not SYNTAX_ERROR).
      
      Also a few marginal code cleanups and comment improvements.
      
      Tom Lane, reviewed by Amul Sul
      
      Discussion: <15085.1472494782@sss.pgh.pa.us>
      f31a931f
    • Alvaro Herrera's avatar
      Include <sys/select.h> where needed · 51c3e9fa
      Alvaro Herrera authored
      <sys/select.h> is required by POSIX.1-2001 to get the prototype of
      select(2), but nearly no systems enforce that because older standards
      let you get away with including some other headers.  Recent OpenBSD
      hacking has removed that frail touch of friendliness, however, which
      broke some compiles; fix all the way back to 9.1 by adding the required
      standard.  Only vacuumdb.c was reported to fail, but it seems easier to
      fix the whole lot in a fell swoop.
      
      Per bug #14334 by Sean Farrell.
      51c3e9fa
  3. 26 Sep, 2016 1 commit
  4. 27 Sep, 2016 1 commit
    • Tom Lane's avatar
      Fix newly-introduced issues in pgbench. · 9779bda8
      Tom Lane authored
      The result of FD_ISSET() doesn't necessarily fit in a bool, though
      assigning it to one might accidentally work depending on platform and which
      socket FD number is being inquired of.  Rewrite to test it with if(),
      rather than making any specific assumption about the result width,
      to match the way every other such call in PG is written.
      
      Don't break out of the input_mask-filling loop after finding the first
      client that we're waiting for results from.  That mostly breaks parallel
      query management.
      
      Also, if we choose not to call select(), be sure to clear out any bits
      the mask-filling loop might have set, so that we don't accidentally call
      doCustom for clients we don't know have input.  Doing so would likely
      be harmless, but it's a waste of cycles and doesn't seem to be intended.
      
      Make this_usec wide enough.  (Yeah, the value would usually fit in an
      int, but then why are we using int64 everywhere else?)
      
      Minor cosmetic adjustments, mostly comment improvements.
      
      Problems introduced by commit 12788ae4.  The first issue was discovered
      by buildfarm testing, the others by code review.
      9779bda8
  5. 26 Sep, 2016 3 commits
    • Tom Lane's avatar
      Replace the built-in GIN array opclasses with a single polymorphic opclass. · fdc9186f
      Tom Lane authored
      We had thirty different GIN array opclasses sharing the same operators and
      support functions.  That still didn't cover all the built-in types, nor
      did it cover arrays of extension-added types.  What we want is a single
      polymorphic opclass for "anyarray".  There were two missing features needed
      to make this possible:
      
      1. We have to be able to declare the index storage type as ANYELEMENT
      when the opclass is declared to index ANYARRAY.  This just takes a few
      more lines in index_create().  Although this currently seems of use only
      for GIN, there's no reason to make index_create() restrict it to that.
      
      2. We have to be able to identify the proper GIN compare function for
      the index storage type.  This patch proceeds by making the compare function
      optional in GIN opclass definitions, and specifying that the default btree
      comparison function for the index storage type will be looked up when the
      opclass omits it.  Again, that seems pretty generically useful.
      
      Since the comparison function lookup is done in initGinState(), making
      use of the second feature adds an additional cache lookup to GIN index
      access setup.  It seems unlikely that that would be very noticeable given
      the other costs involved, but maybe at some point we should consider
      making GinState data persist longer than it now does --- we could keep it
      in the index relcache entry, perhaps.
      
      Rather fortuitously, we don't seem to need to do anything to get this
      change to play nice with dump/reload or pg_upgrade scenarios: the new
      opclass definition is automatically selected to replace existing index
      definitions, and the on-disk data remains compatible.  Also, if a user has
      created a custom opclass definition for a non-builtin type, this doesn't
      break that, since CREATE INDEX will prefer an exact match to opcintype
      over a match to ANYARRAY.  However, if there's anyone out there with
      handwritten DDL that explicitly specifies _bool_ops or one of the other
      replaced opclass names, they'll need to adjust that.
      
      Tom Lane, reviewed by Enrique Meneses
      
      Discussion: <14436.1470940379@sss.pgh.pa.us>
      fdc9186f
    • Tom Lane's avatar
      Document has_type_privilege(). · a4afb2b5
      Tom Lane authored
      Evidently an oversight in commit 72920557.  Back-patch to 9.2 where
      privileges for types were introduced.
      
      Report: <20160922173517.8214.88959@wrigleys.postgresql.org>
      a4afb2b5
    • Heikki Linnakangas's avatar
      Refactor script execution state machine in pgbench. · 12788ae4
      Heikki Linnakangas authored
      The doCustom() function had grown into quite a mess. Rewrite it, in a more
      explicit state machine style, for readability.
      
      This also fixes one minor bug: if a script consisted entirely of meta
      commands, doCustom() never returned to the caller, so progress reports
      with the -P option were not printed. I don't want to backpatch this
      refactoring, and the bug is quite insignificant, so only commit this to
      master, and leave the bug unfixed in back-branches.
      
      Review and original bug report by Fabien Coelho.
      
      Discussion: <alpine.DEB.2.20.1607090850120.3412@sto>
      12788ae4
  6. 25 Sep, 2016 1 commit
    • Tom Lane's avatar
      Refer to OS X as "macOS", except for the port name which is still "darwin". · da6c4f6c
      Tom Lane authored
      We weren't terribly consistent about whether to call Apple's OS "OS X"
      or "Mac OS X", and the former is probably confusing to people who aren't
      Apple users.  Now that Apple has rebranded it "macOS", follow their lead
      to establish a consistent naming pattern.  Also, avoid the use of the
      ancient project name "Darwin", except as the port code name which does not
      seem desirable to change.  (In short, this patch touches documentation and
      comments, but no actual code.)
      
      I didn't touch contrib/start-scripts/osx/, either.  I suspect those are
      obsolete and due for a rewrite, anyway.
      
      I dithered about whether to apply this edit to old release notes, but
      those were responsible for quite a lot of the inconsistencies, so I ended
      up changing them too.  Anyway, Apple's being ahistorical about this,
      so why shouldn't we be?
      da6c4f6c
  7. 24 Sep, 2016 1 commit
  8. 23 Sep, 2016 9 commits
    • Tom Lane's avatar
      Install TAP test infrastructure so it's available for extension testing. · c3a08184
      Tom Lane authored
      When configured with --enable-tap-tests, "make install" will now install
      the Perl support files for TAP testing where PGXS will find them.
      This allows extensions to rely on $(prove_check) even when being built
      out-of-tree.  Back-patch to 9.4 where we first started to support TAP
      testing, to reduce the number of cases extension makefiles need to
      consider.
      
      Craig Ringer
      
      Discussion: <CAMsr+YFXv+2qne6xJW7z_25mYBtktRX5rpkrgrb+DRgQ_FxgHQ@mail.gmail.com>
      c3a08184
    • Tom Lane's avatar
      Doc: fix examples of # operators so they actually work. · 5a7bae06
      Tom Lane authored
      These worked as-is until around 7.0, but fail in newer versions because
      there are more operators named "#".  Besides it's a bit inconsistent that
      only two of the examples on this page lack type names on their constants.
      
      Report: <20160923081530.1517.75670@wrigleys.postgresql.org>
      5a7bae06
    • Tom Lane's avatar
      Fix incorrect logic for excluding range constructor functions in pg_dump. · 12f6eadf
      Tom Lane authored
      Faulty AND/OR nesting in the WHERE clause of getFuncs' SQL query led to
      dumping range constructor functions if they are part of an extension
      and we're in binary-upgrade mode.  Actually, we don't want to dump them
      separately even then, since CREATE TYPE AS RANGE will create the range's
      constructor functions regardless.  Per report from Andrew Dunstan.
      
      It looks like this mistake was introduced by me, in commit b985d487, in
      perhaps-overzealous refactoring to reduce code duplication.  I'm suitably
      embarrassed.
      
      Report: <34854939-02d7-f591-5677-ce2994104599@dunslane.net>
      12f6eadf
    • Tom Lane's avatar
      Remove useless code. · 959ea7fa
      Tom Lane authored
      Apparent copy-and-pasteo in standby_desc_invalidations() had two
      entries for msg->id == SHAREDINVALRELMAP_ID.
      
      Aleksander Alekseev
      
      Discussion: <20160923090814.GB1238@e733>
      959ea7fa
    • Tom Lane's avatar
      Don't trust CreateFileMapping() to clear the error code on success. · 8e6b4ee2
      Tom Lane authored
      We must test GetLastError() even when CreateFileMapping() returns a
      non-null handle.  If that value were left over from some previous system
      call, we might be fooled into thinking the segment already existed.
      Experimentation on Windows 7 suggests that CreateFileMapping() clears
      the error code on success, but it is not documented to do so, so let's
      not rely on that happening in all Windows releases.
      
      Amit Kapila
      
      Discussion: <20811.1474390987@sss.pgh.pa.us>
      8e6b4ee2
    • Tom Lane's avatar
      Avoid using PostmasterRandom() for DSM control segment ID. · 49a91b88
      Tom Lane authored
      Commits 470d886c et al intended to fix the problem that the postmaster
      selected the same "random" DSM control segment ID on every start.  But
      using PostmasterRandom() for that destroys the intended property that the
      delay between random_start_time and random_stop_time will be unpredictable.
      (Said delay is probably already more predictable than we could wish, but
      that doesn't mean that reducing it by a couple orders of magnitude is OK.)
      Revert the previous patch and add a comment warning against misuse of
      PostmasterRandom.  Fix the original problem by calling srandom() early in
      PostmasterMain, using a low-security seed that will later be overwritten
      by PostmasterRandom.
      
      Discussion: <20789.1474390434@sss.pgh.pa.us>
      49a91b88
    • Peter Eisentraut's avatar
      pg_ctl: Add promote wait option to help output · 6fa51c79
      Peter Eisentraut authored
      pointed out by Masahiko Sawada <sawada.mshk@gmail.com>
      6fa51c79
    • Heikki Linnakangas's avatar
      Improve error message on MSVC if perl*.lib is not found. · 3c2d5d66
      Heikki Linnakangas authored
      John Harvey, reviewed by Michael Paquier
      
      Discussion: <CABcP5fjEjgOsh097cWnQrsK9yCswo4DZxp-V47DKCH-MxY9Gig@mail.gmail.com>
      3c2d5d66
    • Heikki Linnakangas's avatar
      Fix typo in comment. · 674e2de6
      Heikki Linnakangas authored
      Daniel Gustafsson
      674e2de6
  9. 22 Sep, 2016 4 commits
    • Bruce Momjian's avatar
      C comment: fix function header comment · 1ff00421
      Bruce Momjian authored
      Fix for transformOnConflictClause().
      
      Author: Tomonari Katsumata
      1ff00421
    • Tom Lane's avatar
      Remove nearly-unused SizeOfIptrData macro. · 8023b582
      Tom Lane authored
      Past refactorings have removed all but one reference to SizeOfIptrData
      (and that one place was in a pretty noncritical spot).  Since nobody's
      complained, it seems probable that there are no supported compilers
      that don't think sizeof(ItemPointerData) is 6.  If there are, we're
      wasting MAXALIGN per heap tuple anyway, so it's rather silly to worry
      about whether we can shave space in places like WAL records.
      
      Pavan Deolasee
      
      Discussion: <CABOikdOOawDda4hwLOT6zdA6MFfPLu3Z2YBZkX0JdayNS6JOeQ@mail.gmail.com>
      8023b582
    • Tom Lane's avatar
      Be sure to rewind the tuplestore read pointer in non-leader CTEScan nodes. · 96dd77d3
      Tom Lane authored
      ExecInitCteScan supposed that it didn't have to do anything to the extra
      tuplestore read pointer it gets from tuplestore_alloc_read_pointer.
      However, it needs this read pointer to be positioned at the start of the
      tuplestore, while tuplestore_alloc_read_pointer is actually defined as
      cloning the current position of read pointer 0.  In normal situations
      that accidentally works because we initialize the whole plan tree at once,
      before anything gets read.  But it fails in an EvalPlanQual recheck, as
      illustrated in bug #14328 from Dima Pavlov.  To fix, just forcibly rewind
      the pointer after tuplestore_alloc_read_pointer.  The cost of doing so is
      negligible unless the tuplestore is already in TSS_READFILE state, which
      wouldn't happen in normal cases.  We could consider altering tuplestore's
      API to make that case cheaper, but that would make for a more invasive
      back-patch and it doesn't seem worth it.
      
      This has been broken probably for as long as we've had CTEs, so back-patch
      to all supported branches.
      
      Discussion: <32468.1474548308@sss.pgh.pa.us>
      96dd77d3
    • Peter Eisentraut's avatar
      Add tests for various connection string issues · 8b845520
      Peter Eisentraut authored
      Add tests for consistent support of connection strings in frontend
      programs as well as proper handling of unusual characters in database
      and user names.  These tests were developed for the issues of
      CVE-2016-5424.
      
      To allow testing of names with spaces, change the pg_regress
      command-line options --create-role and --dbname to split their arguments
      by comma only, not space or comma as before.  Only commas were actually
      used in existing uses.
      
      Noah Misch, Michael Paquier, Peter Eisentraut
      8b845520
  10. 21 Sep, 2016 9 commits
  11. 20 Sep, 2016 1 commit