1. 21 Dec, 2015 1 commit
    • Stephen Frost's avatar
      Make viewquery a copy in rewriteTargetView() · 6f8cb1e2
      Stephen Frost authored
      Rather than expect the Query returned by get_view_query() to be
      read-only and then copy bits and pieces of it out, simply copy the
      entire structure when we get it.  This addresses an issue where
      AcquireRewriteLocks, which is called by acquireLocksOnSubLinks(),
      scribbles on the parsetree passed in, which was actually an entry
      in relcache, leading to segfaults with certain view definitions.
      This also future-proofs us a bit for anyone adding more code to this
      path.
      
      The acquireLocksOnSubLinks() was added in commit c3e0ddd4.
      
      Back-patch to 9.3 as that commit was.
      6f8cb1e2
  2. 20 Dec, 2015 3 commits
    • Tom Lane's avatar
      Remove silly completion for "DELETE FROM tabname ...". · 99ccb230
      Tom Lane authored
      psql offered USING, WHERE, and SET in this context, but SET is not a valid
      possibility here.  Seems to have been a thinko in commit f5ab0a14
      which added DELETE's USING option.
      99ccb230
    • Tom Lane's avatar
      Teach psql's tab completion to consider the entire input string. · d854118c
      Tom Lane authored
      Up to now, the tab completion logic has only examined the last few words
      of the current input line; "last few" being originally as few as four
      words, but lately up to nine words.  Furthermore, it only looked at what
      libreadline considers the current line of input, which made it rather
      myopic if you split your command across lines.  This was tolerable,
      sort of, so long as the match patterns were only designed to consider the
      last few words of input; but with the recent addition of HeadMatches()
      and Matches() matching rules, we really have to do better if we want
      those to behave sanely.
      
      Hence, change the code to break the entire line down into words, and to
      include any previous lines in the command buffer along with the active
      readline input buffer.
      
      This will be a little bit slower than the previous coding, but some
      measurements say that even a query of several thousand characters can be
      parsed in a hundred or so microseconds on modern machines; so it's really
      not going to be significant for interactive tab completion.  To reduce
      the cost some, I arranged to avoid the per-word malloc calls that used
      to occur: all the words are now kept in one malloc'd buffer.
      d854118c
    • Peter Eisentraut's avatar
      psql: Review of new help output strings · 69e7c44f
      Peter Eisentraut authored
      69e7c44f
  3. 19 Dec, 2015 4 commits
    • Tom Lane's avatar
      Add missing COSTS OFF to EXPLAIN commands in rowsecurity.sql. · 65421813
      Tom Lane authored
      Commit e5e11c8c added a bunch of EXPLAIN statements without COSTS OFF
      to the regression tests.  This is contrary to project policy since it
      results in unnecessary platform dependencies in the output (it's just
      luck that we didn't get buildfarm failures from it).  Per gripe from
      Mike Wilson.
      65421813
    • Tom Lane's avatar
      Adopt a more compact, less error-prone notation for tab completion code. · d37b816d
      Tom Lane authored
      Replace tests like
      
          else if (pg_strcasecmp(prev4_wd, "CREATE") == 0 &&
                   pg_strcasecmp(prev3_wd, "TRIGGER") == 0 &&
                   (pg_strcasecmp(prev_wd, "BEFORE") == 0 ||
                    pg_strcasecmp(prev_wd, "AFTER") == 0))
      
      with new notation like this:
      
          else if (TailMatches4("CREATE", "TRIGGER", MatchAny, "BEFORE|AFTER"))
      
      In addition, provide some macros COMPLETE_WITH_LISTn() to reduce the amount
      of clutter needed to specify a small number of predetermined completion
      alternatives.
      
      This makes the code substantially more compact: tab-complete.c gets over a
      thousand lines shorter in this patch, despite the addition of a couple of
      hundred lines of infrastructure for the new notations.  The new way of
      specifying match rules seems a whole lot more readable and less
      error-prone, too.
      
      There's a lot more that could be done now to make matching faster and more
      reliable; for example I suspect that most of the TailMatches() rules should
      now be Matches() rules.  That would allow them to be skipped after a single
      integer comparison if there aren't the right number of words on the line,
      and it would reduce the risk of unintended matches.  But for now, (mostly)
      refrain from reworking any match rules in favor of just converting what
      we've got into the new notation.
      
      Thomas Munro, reviewed by Michael Paquier, some adjustments by me
      d37b816d
    • Peter Eisentraut's avatar
      Fix whitespace · 529fd74c
      Peter Eisentraut authored
      529fd74c
    • Andres Freund's avatar
      Fix tab completion for ALTER ... TABLESPACE ... OWNED BY. · 130d94a7
      Andres Freund authored
      Previously the completion used the wrong word to match 'BY'. This was
      introduced brokenly, in b2de2a. While at it, also add completion of
      IN TABLESPACE ... OWNED BY and fix comments referencing nonexistent
      syntax.
      
      Reported-By: Michael Paquier
      Author: Michael Paquier and Andres Freund
      Discussion: CAB7nPqSHDdSwsJqX0d2XzjqOHr==HdWiubCi4L=Zs7YFTUne8w@mail.gmail.com
      Backpatch: 9.4, like the commit introducing the bug
      130d94a7
  4. 18 Dec, 2015 11 commits
    • Teodor Sigaev's avatar
      Revert 9246af67 because · bbbd8070
      Teodor Sigaev authored
      I miss too much. Patch is returned to commitfest process.
      bbbd8070
    • Robert Haas's avatar
      pgbench: Change terminology from "threshold" to "parameter". · 3c7042a7
      Robert Haas authored
      Per a recommendation from Tomas Vondra, it's more helpful to refer to
      the value that determines how skewed a Gaussian or exponential
      distribution is as a parameter rather than a threshold.
      
      Since it's not quite too late to get this right in 9.5, where it was
      introduced, back-patch this.  Most of the patch changes only comments
      and documentation, but a few pgbench messages are altered to match.
      
      Fabien Coelho, reviewed by Michael Paquier and by me.
      3c7042a7
    • Robert Haas's avatar
      Remove duplicate word. · 6e7b3359
      Robert Haas authored
      Kyotaro Horiguchi
      6e7b3359
    • Robert Haas's avatar
      Fix TupleQueueReaderNext not to ignore its nowait argument. · 2bdfcb52
      Robert Haas authored
      This was a silly goof on my (rhaas's) part.
      
      Report and fix by Rushabh Lathia.
      2bdfcb52
    • Robert Haas's avatar
      Fix copy-and-paste error in logical decoding callback. · 44962267
      Robert Haas authored
      This could result in the error context misidentifying where the error
      actually occurred.
      
      Craig Ringer
      44962267
    • Robert Haas's avatar
      Fix typo in comment. · 9a51698b
      Robert Haas authored
      Amit Langote
      9a51698b
    • Teodor Sigaev's avatar
      Allow to omit boundaries in array subscript · 9246af67
      Teodor Sigaev authored
      Allow to omiy lower or upper or both boundaries in array subscript
      for selecting slice of array.
      
      Author: YUriy Zhuravlev
      9246af67
    • Teodor Sigaev's avatar
      Cube extension kNN support · 33bd250f
      Teodor Sigaev authored
      Introduce distance operators over cubes:
      <#> taxicab distance
      <->  euclidean distance
      <=> chebyshev distance
      
      Also add kNN support of those distances in GiST opclass.
      
      Author: Stas Kelvich
      33bd250f
    • Tom Lane's avatar
      Remove unreferenced function declarations. · 3d0c50ff
      Tom Lane authored
      datapagemap_create() and datapagemap_destroy() were declared extern,
      but they don't actually exist anywhere.  Per YUriy Zhuravlev and
      Michael Paquier.
      3d0c50ff
    • Tom Lane's avatar
      Use just one standalone-backend session for initdb's post-bootstrap steps. · c4a8812c
      Tom Lane authored
      Previously, each subroutine in initdb fired up its own standalone backend
      session.  Over time we'd grown as many as fifteen of these sessions,
      and the cumulative startup and shutdown work for them was getting pretty
      noticeable.  Combining things so that all these steps share a single
      backend session cuts a good 10% off the total runtime of initdb, more
      if you're not fsync'ing.
      
      The main stumbling block to doing this before was that some of the sessions
      were run with -j and some not.  The improved definition of -j mode
      implemented by my previous commit makes it possible to fix that by running
      all the post-bootstrap steps with -j; we just have to use double instead of
      single newlines to end command strings.  (This is only absolutely necessary
      around the VACUUM and CREATE DATABASE steps, since those can't be run in a
      transaction block.  But it seems best to make them all use double newlines
      so that the commands remain separate for error-reporting purposes.)
      
      A minor disadvantage is that since initdb can't tell how much of its
      output the backend has executed, we can no longer have the per-step
      progress reporting initdb used to print.  But things are fast enough
      nowadays that that's not really all that useful anyway.
      
      In passing, add more const decoration to some of the static arrays in
      initdb.c.
      c4a8812c
    • Tom Lane's avatar
      Adjust behavior of single-user -j mode for better initdb error reporting. · 66d947b9
      Tom Lane authored
      Previously, -j caused the entire input file to be read in and executed as
      a single command string.  That's undesirable, not least because any error
      causes the entire file to be regurgitated as the "failing query".  Some
      experimentation suggests a better rule: end the command string when we see
      a semicolon immediately followed by two newlines, ie, an empty line after
      a query.  This serves nicely to break up the existing examples such as
      information_schema.sql and system_views.sql.  A limitation is that it's
      no longer possible to write such a sequence within a string literal or
      multiline comment in a file meant to be read with -j; but there are no
      instances of such a problem within the data currently used by initdb.
      (If someone does make such a mistake in future, it'll be obvious because
      they'll get an unterminated-literal or unterminated-comment syntax error.)
      Other than that, there shouldn't be any negative consequences; you're not
      forced to end statements that way, it's just a better idea in most cases.
      
      In passing, remove src/include/tcop/tcopdebug.h, which is dead code
      because it's not included anywhere, and hasn't been for more than
      ten years.  One of the debug-support symbols it purported to describe
      has been unreferenced for at least the same amount of time, and the
      other is removed by this commit on the grounds that it was useless:
      forcing -j mode all the time would have broken initdb.  The lack of
      complaints about that, or about the missing inclusion, shows that
      no one has tried to use TCOP_DONTUSENEWLINE in many years.
      66d947b9
  5. 17 Dec, 2015 2 commits
    • Tom Lane's avatar
      Fix improper initialization order for readline. · aee7705b
      Tom Lane authored
      Turns out we must set rl_basic_word_break_characters *before* we call
      rl_initialize() the first time, because it will quietly copy that value
      elsewhere --- but only on the first call.  (Love these undocumented
      dependencies.)  I broke this yesterday in commit 2ec477dc;
      like that commit, back-patch to all active branches.  Per report from
      Pavel Stehule.
      aee7705b
    • Alvaro Herrera's avatar
      Rework internals of changing a type's ownership · 756e7b4c
      Alvaro Herrera authored
      This is necessary so that REASSIGN OWNED does the right thing with
      composite types, to wit, that it also alters ownership of the type's
      pg_class entry -- previously, the pg_class entry remained owned by the
      original user, which caused later other failures such as the new owner's
      inability to use ALTER TYPE to rename an attribute of the affected
      composite.  Also, if the original owner is later dropped, the pg_class
      entry becomes owned by a non-existant user which is bogus.
      
      To fix, create a new routine AlterTypeOwner_oid which knows whether to
      pass the request to ATExecChangeOwner or deal with it directly, and use
      that in shdepReassignOwner rather than calling AlterTypeOwnerInternal
      directly.  AlterTypeOwnerInternal is now simpler in that it only
      modifies the pg_type entry and recurses to handle a possible array type;
      higher-level tasks are handled by either AlterTypeOwner directly or
      AlterTypeOwner_oid.
      
      I took the opportunity to add a few more objects to the test rig for
      REASSIGN OWNED, so that more cases are exercised.  Additional ones could
      be added for superuser-only-ownable objects (such as FDWs and event
      triggers) but I didn't want to push my luck by adding a new superuser to
      the tests on a backpatchable bug fix.
      
      Per bug #13666 reported by Chris Pacejo.
      
      Backpatch to 9.5.
      
      (I would back-patch this all the way back, except that it doesn't apply
      cleanly in 9.4 and earlier because 59367fdf wasn't backpatched.  If we
      decide that we need this in earlier branches too, we should backpatch
      both.)
      756e7b4c
  6. 16 Dec, 2015 3 commits
    • Tom Lane's avatar
      Cope with Readline's failure to track SIGWINCH events outside of input. · 2ec477dc
      Tom Lane authored
      It emerges that libreadline doesn't notice terminal window size change
      events unless they occur while collecting input.  This is easy to stumble
      over if you resize the window while using a pager to look at query output,
      but it can be demonstrated without any pager involvement.  The symptom is
      that queries exceeding one line are misdisplayed during subsequent input
      cycles, because libreadline has the wrong idea of the screen dimensions.
      
      The safest, simplest way to fix this is to call rl_reset_screen_size()
      just before calling readline().  That causes an extra ioctl(TIOCGWINSZ)
      for every command; but since it only happens when reading from a tty, the
      performance impact should be negligible.  A more valid objection is that
      this still leaves a tiny window during entry to readline() wherein delivery
      of SIGWINCH will be missed; but the practical consequences of that are
      probably negligible.  In any case, there doesn't seem to be any good way to
      avoid the race, since readline exposes no functions that seem safe to call
      from a generic signal handler --- rl_reset_screen_size() certainly isn't.
      
      It turns out that we also need an explicit rl_initialize() call, else
      rl_reset_screen_size() dumps core when called before the first readline()
      call.
      
      rl_reset_screen_size() is not present in old versions of libreadline,
      so we need a configure test for that.  (rl_initialize() is present at
      least back to readline 4.0, so we won't bother with a test for it.)
      We would need a configure test anyway since libedit's emulation of
      libreadline doesn't currently include such a function.  Fortunately,
      libedit seems not to have any corresponding bug.
      
      Merlin Moncure, adjusted a bit by me
      2ec477dc
    • Robert Haas's avatar
      Speed up CREATE INDEX CONCURRENTLY's TID sort. · b648b703
      Robert Haas authored
      Encode TIDs as 64-bit integers to speed up comparisons.  This seems to
      speed things up on all platforms, but is even more beneficial when
      8-byte integers are passed by value.
      
      Peter Geoghegan.  Design suggestions and review by Tom Lane.  Review
      also by Simon Riggs and by me.
      b648b703
    • Robert Haas's avatar
      Mark CHECK constraints declared NOT VALID valid if created with table. · f27a6b15
      Robert Haas authored
      FOREIGN KEY constraints have behaved this way for a long time, but for
      some reason the behavior of CHECK constraints has been inconsistent up
      until now.
      
      Amit Langote and Amul Sul, with assorted tweaks by me.
      f27a6b15
  7. 15 Dec, 2015 8 commits
    • Tom Lane's avatar
      Document use of Subject Alternative Names in SSL server certificates. · 0625dbb0
      Tom Lane authored
      Commit acd08d76 did not bother with updating the documentation.
      0625dbb0
    • Tom Lane's avatar
      Update 9.5 release notes through today. · bfc7f5dd
      Tom Lane authored
      Also do another round of copy-editing, and fix up remaining FIXME items.
      bfc7f5dd
    • Robert Haas's avatar
      Teach mdnblocks() not to create zero-length files. · 049469e7
      Robert Haas authored
      It's entirely surprising that mdnblocks() has the side effect of
      creating new files on disk, so let's make it not do that.  One
      consequence of the old behavior is that, if running on a damaged
      cluster that is missing a file, mdnblocks() can recreate the file
      and allow a subsequent _mdfd_getseg() for a higher segment to succeed.
      This happens because, while mdnblocks() stops when it finds a segment
      that is shorter than 1GB, _mdfd_getseg() has no such check, and thus
      the empty file created by mdnblocks() can allow it to continue its
      traversal and find higher-numbered segments which remain.
      
      It might be a good idea for _mdfd_getseg() to actually verify that
      each segment it finds is exactly 1GB before proceeding to the next
      one, but that would involve some additional system calls, so for
      now I'm just doing this much.
      
      Patch by me, per off-list analysis by Kevin Grittner and Rahila Syed.
      Review by Andres Freund.
      049469e7
    • Robert Haas's avatar
      Move buffer I/O and content LWLocks out of the main tranche. · 6150a1b0
      Robert Haas authored
      Move the content lock directly into the BufferDesc, so that locking and
      pinning a buffer touches only one cache line rather than two.  Adjust
      the definition of BufferDesc slightly so that this doesn't make the
      BufferDesc any larger than one cache line (at least on platforms where
      a spinlock is only 1 or 2 bytes).
      
      We can't fit the I/O locks into the BufferDesc and stay within one
      cache line, so move those to a completely separate tranche.  This
      leaves a relatively limited number of LWLocks in the main tranche, so
      increase the padding of those remaining locks to a full cache line,
      rather than allowing adjacent locks to share a cache line, hopefully
      reducing false sharing.
      
      Performance testing shows that these changes make little difference
      on laptop-class machines, but help significantly on larger servers,
      especially those with more than 2 sockets.
      
      Andres Freund, originally based on an earlier patch by Simon Riggs.
      Review and cosmetic adjustments (including heavy rewriting of the
      comments) by me.
      6150a1b0
    • Robert Haas's avatar
      Provide a way to predefine LWLock tranche IDs. · 3fed4174
      Robert Haas authored
      It's a bit cumbersome to use LWLockNewTrancheId(), because the returned
      value needs to be shared between backends so that each backend can call
      LWLockRegisterTranche() with the correct ID.  So, for built-in tranches,
      use a hard-coded value instead.
      
      This is motivated by an upcoming patch adding further built-in tranches.
      
      Andres Freund and Robert Haas
      3fed4174
    • Stephen Frost's avatar
      Improve CREATE POLICY documentation · 43cd468c
      Stephen Frost authored
      Clarify that SELECT policies are now applied when SELECT rights
      are required for a given query, even if the query is an UPDATE or
      DELETE query.  Pointed out by Noah.
      
      Additionally, note the risk regarding concurrently open transactions
      where a relation which controls access to the rows of another relation
      are updated and the rows of the primary relation are also being
      modified.  Pointed out by Peter Geoghegan.
      
      Back-patch to 9.5.
      43cd468c
    • Stephen Frost's avatar
      Collect the global OR of hasRowSecurity flags for plancache · e5e11c8c
      Stephen Frost authored
      We carry around information about if a given query has row security or
      not to allow the plancache to use that information to invalidate a
      planned query in the event that the environment changes.
      
      Previously, the flag of one of the subqueries was simply being copied
      into place to indicate if the query overall included RLS components.
      That's wrong as we need the global OR of all subqueries.  Fix by
      changing the code to match how fireRIRules works, which is results
      in OR'ing all of the flags.
      
      Noted by Tom.
      
      Back-patch to 9.5 where RLS was introduced.
      e5e11c8c
    • Tom Lane's avatar
      Add missing cleanup logic in pg_rewind/t/005_same_timeline.pl test. · db81329e
      Tom Lane authored
      Per Michael Paquier
      db81329e
  8. 14 Dec, 2015 6 commits
    • Alvaro Herrera's avatar
      Add missing CHECK_FOR_INTERRUPTS in lseg_inside_poly · 0d8f3d5d
      Alvaro Herrera authored
      Apparently, there are bugs in this code that cause it to loop endlessly.
      That bug still needs more research, but in the meantime it's clear that
      the loop is missing a check for interrupts so that it can be cancelled
      timely.
      
      Backpatch to 9.1 -- this has been missing since 49475aab.
      0d8f3d5d
    • Kevin Grittner's avatar
      Remove xmlparse(document '') test · e2f1765c
      Kevin Grittner authored
      This one test was behaving differently between the ubuntu fix for
      CVE-2015-7499 and the base "expected" file.  It's not worth having
      yet another version of the expected file for this test, so drop it.
      Perhaps at some point when all distros have settled down to the
      same behavior on this test, it can be restored.
      
      Problem found by me on libxml2 (2.9.1+dfsg1-3ubuntu4.6).
      Solution suggested by Tom Lane.
      Backpatch to 9.5, where the test was added.
      e2f1765c
    • Heikki Linnakangas's avatar
      Fix out-of-memory error handling in ParameterDescription message processing. · 7b96bf44
      Heikki Linnakangas authored
      If libpq ran out of memory while constructing the result set, it would hang,
      waiting for more data from the server, which might never arrive. To fix,
      distinguish between out-of-memory error and not-enough-data cases, and give
      a proper error message back to the client on OOM.
      
      There are still similar issues in handling COPY start messages, but let's
      handle that as a separate patch.
      
      Michael Paquier, Amit Kapila and me. Backpatch to all supported versions.
      7b96bf44
    • Andres Freund's avatar
      Fix bug in SetOffsetVacuumLimit() triggered by find_multixact_start() failure. · cca705a5
      Andres Freund authored
      Previously, if find_multixact_start() failed, SetOffsetVacuumLimit() would
      install 0 into MultiXactState->offsetStopLimit if it previously succeeded.
      Luckily, there are no known cases where find_multixact_start() will return
      an error in 9.5 and above. But if it were to happen, for example due to
      filesystem permission issues, it'd be somewhat bad: GetNewMultiXactId()
      could continue allocating mxids even if close to a wraparound, or it could
      erroneously stop allocating mxids, even if no wraparound is looming.  The
      wrong value would be corrected the next time SetOffsetVacuumLimit() is
      called, or by a restart.
      
      Reported-By: Noah Misch, although this is not his preferred fix
      Discussion: 20151210140450.GA22278@alap3.anarazel.de
      Backpatch: 9.5, where the bug was introduced as part of 4f627f
      cca705a5
    • Andres Freund's avatar
      Correct statement to actually be the intended assert statement. · 2a354496
      Andres Freund authored
      e3f4cfc7 introduced a LWLockHeldByMe() call, without the corresponding
      Assert() surrounding it.
      
      Spotted by Coverity.
      
      Backpatch: 9.1+, like the previous commit
      2a354496
    • Tom Lane's avatar
      Docs: document that psql's "\i -" means read from stdin. · 7bd149ce
      Tom Lane authored
      This has worked that way for a long time, maybe always, but you would
      not have known it from the documentation.  Also back-patch the notes
      I added to HEAD earlier today about behavior of the "-f -" switch,
      which likewise have been valid for many releases.
      7bd149ce
  9. 13 Dec, 2015 2 commits
    • Tom Lane's avatar
      Code and docs review for multiple -c and -f options in psql. · fcbbf82d
      Tom Lane authored
      Commit d5563d7d drew complaints from Coverity, which quite
      correctly complained that one copy of each -c or -f string was being
      leaked.  What's more, simple_action_list_append was allocating enough space
      for still a third copy of each string as part of the SimpleActionListCell,
      even though that coding method had been superseded by a separate strdup
      operation.  There were some other minor coding infelicities too.  The
      documentation needed more work as well, eg it forgot to explain that -c
      causes psql not to accept any interactive input.
      fcbbf82d
    • Magnus Hagander's avatar
      Consistently set all fields in pg_stat_replication to null instead of 0 · a91bdf67
      Magnus Hagander authored
      Previously the "sent" field would be set to 0 and all other xlog
      pointers be set to NULL if there were no valid values (such as when
      in a backup sending walsender).
      a91bdf67