1. 03 Aug, 2016 10 commits
    • Tom Lane's avatar
      Make INSERT-from-multiple-VALUES-rows handle targetlist indirection better. · a3c7a993
      Tom Lane authored
      Previously, if an INSERT with multiple rows of VALUES had indirection
      (array subscripting or field selection) in its target-columns list, the
      parser handled that by applying transformAssignedExpr() to each element
      of each VALUES row independently.  This led to having ArrayRef assignment
      nodes or FieldStore nodes in each row of the VALUES RTE.  That works for
      simple cases, but in bug #14265 Nuri Boardman points out that it fails
      if there are multiple assignments to elements/fields of the same target
      column.  For such cases to work, rewriteTargetListIU() has to nest the
      ArrayRefs or FieldStores together to produce a single expression to be
      assigned to the column.  But it failed to find them in the top-level
      targetlist and issued an error about "multiple assignments to same column".
      
      We could possibly fix this by teaching the rewriter to apply
      rewriteTargetListIU to each VALUES row separately, but that would be messy
      (it would change the output rowtype of the VALUES RTE, for example) and
      inefficient.  Instead, let's fix the parser so that the VALUES RTE outputs
      are just the user-specified values, cast to the right type if necessary,
      and then the ArrayRefs or FieldStores are applied in the top-level
      targetlist to Vars representing the RTE's outputs.  This is the same
      parsetree representation already used for similar cases with INSERT/SELECT
      syntax, so it allows simplifications in ruleutils.c, which no longer needs
      to treat INSERT-from-multiple-VALUES as its own special case.
      
      This implementation works by applying transformAssignedExpr to the VALUES
      entries as before, and then stripping off any ArrayRefs or FieldStores it
      adds.  With lots of VALUES rows it would be noticeably more efficient to
      not add those nodes in the first place.  But that's just an optimization
      not a bug fix, and there doesn't seem to be any good way to do it without
      significant refactoring.  (A non-invasive answer would be to apply
      transformAssignedExpr + stripping to just the first VALUES row, and then
      just forcibly cast remaining rows to the same data types exposed in the
      first row.  But this way would lead to different, not-INSERT-specific
      errors being reported in casting failure cases, so it doesn't seem very
      nice.)  So leave that for later; this patch at least isn't making the
      per-row parsing work worse, and it does make the finished parsetree
      smaller, saving rewriter and planner work.
      
      Catversion bump because stored rules containing such INSERTs would need
      to change.  Because of that, no back-patch, even though this is a very
      long-standing bug.
      
      Report: <20160727005725.7438.26021@wrigleys.postgresql.org>
      Discussion: <9578.1469645245@sss.pgh.pa.us>
      a3c7a993
    • Tom Lane's avatar
      Do not let PostmasterContext survive into background workers. · ef1b5af8
      Tom Lane authored
      We don't want postmaster child processes to contain a copy of the
      postmaster's PostmasterContext.  That would be a waste of memory at least,
      and at worst a security issue, since there are copies of the semi-sensitive
      pg_hba and pg_ident data in there.  All other child process types delete
      the PostmasterContext after forking, but the original coding of the
      background worker patch (commit da07a1e8) did not do so.  It appears
      that the only reason for that was to avoid copying the bgworker's
      MyBgworkerEntry out of that context; but the couple of additional
      statements needed to do so are hardly good justification for it.  Hence,
      copy that data and then clear the context as other child processes do.
      
      Because this patch changes the memory context in which a bgworker function
      gains control, back-patching it would be a bit risky, so we won't fix this
      in back branches.  The "security" complaint is pretty thin anyway for
      generic bgworkers; only with the introduction of parallel query is there
      any question of running untrusted code in a bgworker process.
      
      Discussion: <14111.1470082717@sss.pgh.pa.us>
      ef1b5af8
    • Peter Eisentraut's avatar
      Add missing casts in information schema · 6a9e09c4
      Peter Eisentraut authored
      From: Clément Prévost <prevostclement@gmail.com>
      6a9e09c4
    • Peter Eisentraut's avatar
      doc: Remove documentation of nonexistent information schema columns · 2b8fd4fa
      Peter Eisentraut authored
      These were probably copied in by accident.
      
      From: Clément Prévost <prevostclement@gmail.com>
      2b8fd4fa
    • Alvaro Herrera's avatar
      Fix assorted problems in recovery tests · b26f7fa6
      Alvaro Herrera authored
      In test 001_stream_rep we're using pg_stat_replication.write_location to
      determine catch-up status, but we care about xlog having been applied
      not just received, so change that to apply_location.
      
      In test 003_recovery_targets, we query the database for a recovery
      target specification and later for the xlog position supposedly
      corresponding to that recovery specification.  If for whatever reason
      more WAL is written between the two queries, the recovery specification
      is earlier than the xlog position used by the query in the test harness,
      so we wait forever, leading to test failures.  Deal with this by using a
      single query to extract both items.  In 2a0f89cd we tried to deal
      with it by giving them more tests to run, but in hindsight that was
      obviously doomed to failure (no revert of that, though).
      
      Per hamster buildfarm failures.
      
      Author: Michaël Paquier
      b26f7fa6
    • Peter Eisentraut's avatar
      doc: Change recommendation to put NOTIFY into a rule · 69bdfc40
      Peter Eisentraut authored
      Suggest a statement trigger instead.
      69bdfc40
    • Kevin Grittner's avatar
      Add OldSnapshotTimeMapLock to wait_event table in docs. · c93d8737
      Kevin Grittner authored
      Ashutosh Sharma with minor fixes by me.
      c93d8737
    • Bruce Momjian's avatar
      C comment: fix typo · 6eb5b05d
      Bruce Momjian authored
      Author: Amit Langote
      6eb5b05d
    • Peter Eisentraut's avatar
      doc: Remove slightly confusing xreflabels · 0a4d67b1
      Peter Eisentraut authored
      It seems clearer to refer to these tables in the normal way.
      0a4d67b1
    • Peter Eisentraut's avatar
      Small wording tweaks · 07104991
      Peter Eisentraut authored
      Dmitry Igrishin
      07104991
  2. 02 Aug, 2016 7 commits
    • Tom Lane's avatar
      Remove duplicate InitPostmasterChild() call while starting a bgworker. · c6ea616f
      Tom Lane authored
      This is apparently harmless on Windows, but on Unix it results in an
      assertion failure.  We'd not noticed because this code doesn't get
      used on Unix unless you build with -DEXEC_BACKEND.  Bug was evidently
      introduced by sloppy refactoring in commit 31c45316.
      
      Thomas Munro
      
      Discussion: <CAEepm=1VOnbVx4wsgQFvj94hu9jVt2nVabCr7QiooUSvPJXkgQ@mail.gmail.com>
      c6ea616f
    • Bruce Momjian's avatar
      doc: OS collation changes can break indexes · a253a885
      Bruce Momjian authored
      Discussion: 20160702155517.GD18610@momjian.us
      
      Reviewed-by: Christoph Berg
      
      Backpatch-through: 9.1
      a253a885
    • Tom Lane's avatar
      Block interrupts during HandleParallelMessages(). · b6a97b91
      Tom Lane authored
      As noted by Alvaro, there are CHECK_FOR_INTERRUPTS() calls in the shm_mq.c
      functions called by HandleParallelMessages().  I believe they're all
      unreachable since we always pass nowait = true, but it doesn't seem like
      a great idea to assume that no such call will ever be reachable from
      HandleParallelMessages().  If that did happen, there would be a risk of a
      recursive call to HandleParallelMessages(), which it does not appear to be
      designed for --- for example, there's nothing that would prevent
      out-of-order processing of received messages.  And certainly such cases
      cannot easily be tested.  So let's prevent it by holding off interrupts for
      the duration of the function.  Back-patch to 9.5 which contains identical
      code.
      
      Discussion: <14869.1470083848@sss.pgh.pa.us>
      b6a97b91
    • Peter Eisentraut's avatar
      Change minimum max_worker_processes from 1 to 0 · c4d3a039
      Peter Eisentraut authored
      Setting it to 0 is probably not useful in practice, but it allows
      testing of situations without available background worker slots.
      c4d3a039
    • Tom Lane's avatar
      Fix pg_dump's handling of public schema with both -c and -C options. · e2e95f5e
      Tom Lane authored
      Since -c plus -C requests dropping and recreating the target database
      as a whole, not dropping individual objects in it, we should assume that
      the public schema already exists and need not be created.  The previous
      coding considered only the state of the -c option, so it would emit
      "CREATE SCHEMA public" anyway, leading to an unexpected error in restore.
      
      Back-patch to 9.2.  Older versions did not accept -c with -C so the
      issue doesn't arise there.  (The logic being patched here dates to 8.0,
      cf commit 2193121f, so it's not really wrong that it didn't consider
      the case at the time.)
      
      Note that versions before 9.6 will still attempt to emit REVOKE/GRANT
      on the public schema; but that happens without -c/-C too, and doesn't
      seem to be the focus of this complaint.  I considered extending this
      stanza to also skip the public schema's ACL, but that would be a
      misfeature, as it'd break cases where users intentionally changed that
      ACL.  The real fix for this aspect is Stephen Frost's work to not dump
      built-in ACLs, and that's not going to get back-ported.
      
      Per bugs #13804 and #14271.  Solution found by David Johnston and later
      rediscovered by me.
      
      Report: <20151207163520.2628.95990@wrigleys.postgresql.org>
      Report: <20160801021955.1430.47434@wrigleys.postgresql.org>
      e2e95f5e
    • Peter Eisentraut's avatar
      doc: Whitespace fixes in man pages · e9888c2a
      Peter Eisentraut authored
      e9888c2a
    • Peter Eisentraut's avatar
      f6ced51f
  3. 01 Aug, 2016 6 commits
    • Tom Lane's avatar
      Minor cleanup for access/transam/parallel.c. · a5fe473a
      Tom Lane authored
      ParallelMessagePending *must* be marked volatile, because it's set
      by a signal handler.  On the other hand, it's pointless for
      HandleParallelMessageInterrupt to save/restore errno; that must be,
      and is, done at the outer level of the SIGUSR1 signal handler.
      
      Calling CHECK_FOR_INTERRUPTS() inside HandleParallelMessages, which itself
      is called from CHECK_FOR_INTERRUPTS(), seems both useless and hazardous.
      The comment claiming that this is needed to handle the error queue going
      away is certainly misguided, in any case.
      
      Improve a couple of error message texts, and use
      ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE to report loss of parallel worker
      connection, since that's what's used in e.g. tqueue.c.  (Maybe it would be
      worth inventing a dedicated ERRCODE for this type of failure?  But I do not
      think ERRCODE_INTERNAL_ERROR is appropriate.)
      
      Minor stylistic cleanups.
      a5fe473a
    • Tom Lane's avatar
      Don't CHECK_FOR_INTERRUPTS between WaitLatch and ResetLatch. · 887feefe
      Tom Lane authored
      This coding pattern creates a race condition, because if an interesting
      interrupt happens after we've checked InterruptPending but before we reset
      our latch, the latch-setting done by the signal handler would get lost,
      and then we might block at WaitLatch in the next iteration without ever
      noticing the interrupt condition.  You can put the CHECK_FOR_INTERRUPTS
      before WaitLatch or after ResetLatch, but not between them.
      
      Aside from fixing the bugs, add some explanatory comments to latch.h
      to perhaps forestall the next person from making the same mistake.
      
      In HEAD, also replace gather_readnext's direct call of
      HandleParallelMessages with CHECK_FOR_INTERRUPTS.  It does not seem clean
      or useful for this one caller to bypass ProcessInterrupts and go straight
      to HandleParallelMessages; not least because that fails to consider the
      InterruptPending flag, resulting in useless work both here
      (if InterruptPending isn't set) and in the next CHECK_FOR_INTERRUPTS call
      (if it is).
      
      This thinko seems to have been introduced in the initial coding of
      storage/ipc/shm_mq.c (commit ec9037df), and then blindly copied into all
      the subsequent parallel-query support logic.  Back-patch relevant hunks
      to 9.4 to extirpate the error everywhere.
      
      Discussion: <1661.1469996911@sss.pgh.pa.us>
      887feefe
    • Fujii Masao's avatar
      Remove unused arguments from pg_replication_origin_xact_reset function. · dd5eb805
      Fujii Masao authored
      The document specifies that pg_replication_origin_xact_reset function
      doesn't have any argument variables. But previously it was actually
      defined so as to have two argument variables, though they were not
      used at all. That is, the pg_proc entry for that function was incorrect.
      This patch fixes the pg_proc entry and removes those two arguments
      from the function definition.
      
      No back-patch because this change needs a catalog version bump
      although the issue exists in 9.5 as well. Instead, a note about those
      unused argument variables will be added to 9.5 document later.
      
      Catalog version bumped due to the change of pg_proc.
      dd5eb805
    • Bruce Momjian's avatar
      878bd9ac
    • Michael Meskes's avatar
    • Fujii Masao's avatar
      Fix pg_basebackup so that it accepts 0 as a valid compression level. · 74d8c95b
      Fujii Masao authored
      The help message for pg_basebackup specifies that the numbers 0 through 9
      are accepted as valid values of -Z option. But, previously -Z 0 was rejected
      as an invalid compression level.
      
      Per discussion, it's better to make pg_basebackup treat 0 as valid
      compression level meaning no compression, like pg_dump.
      
      Back-patch to all supported versions.
      
      Reported-By: Jeff Janes
      Reviewed-By: Amit Kapila
      Discussion: CAMkU=1x+GwjSayc57v6w87ij6iRGFWt=hVfM0B64b1_bPVKRqg@mail.gmail.com
      74d8c95b
  4. 31 Jul, 2016 4 commits
    • Tom Lane's avatar
      Doc: remove claim that hash index creation depends on effective_cache_size. · 11653cd8
      Tom Lane authored
      This text was added by commit ff213239, and not long thereafter obsoleted
      by commit 4adc2f72 (which made the test depend on NBuffers instead); but
      nobody noticed the need for an update.  Commit 9563d5b5 adds some further
      dependency on maintenance_work_mem, but the existing verbiage seems to
      cover that with about as much precision as we really want here.  Let's
      just take it all out rather than leaving ourselves open to more errors of
      omission in future.  (That solution makes this change back-patchable, too.)
      
      Noted by Peter Geoghegan.
      
      Discussion: <CAM3SWZRVANbj9GA9j40fAwheQCZQtSwqTN1GBTVwRrRbmSf7cg@mail.gmail.com>
      11653cd8
    • Tom Lane's avatar
      Code review for tqueue.c: fix memory leaks, speed it up, other fixes. · a9ed875f
      Tom Lane authored
      When doing record typmod remapping, tqueue.c did fresh catalog lookups
      for each tuple it processed, which was pretty horrible performance-wise
      (it seemed to about halve the already none-too-quick speed of bulk reads
      in parallel mode).  Worse, it insisted on putting bits of that data into
      TopMemoryContext, from where it never freed them, causing a
      session-lifespan memory leak.  (I suppose this was coded with the idea
      that the sender process would quit after finishing the query ---
      but the receiver uses the same code.)
      
      Restructure to avoid repetitive catalog lookups and to keep that data
      in a query-lifespan context, in or below the context where the
      TQueueDestReceiver or TupleQueueReader itself lives.
      
      Fix some other bugs such as continuing to use a tupledesc after
      releasing our refcount on it.  Clean up cavalier datatype choices
      (typmods are int32, please, not int, and certainly not Oid).  Improve
      comments and error message wording.
      a9ed875f
    • Stephen Frost's avatar
      Correctly handle owned sequences with extensions · f9e439b1
      Stephen Frost authored
      With the refactoring of pg_dump to handle components, getOwnedSeqs needs
      to be a bit more intelligent regarding which components to dump when.
      Specifically, we can't simply use the owning table's components as the
      set of components to dump as the table might only be including certain
      components while all components of the sequence should be dumped, for
      example, when the table is a member of an extension while the sequence
      is not.
      
      Handle this by combining the set of components to be dumped for the
      sequence explicitly and those to be dumped for the table when setting
      the components to be dumped for the sequence.
      
      Also add a number of regression tests around this to, hopefully, catch
      any future changes which break the expected behavior.
      
      Discovered by: Philippe BEAUDOIN
      Reviewed by: Michael Paquier
      f9e439b1
    • Bruce Momjian's avatar
      doc: improve wording of Error Message Style Guide · 6335c80e
      Bruce Momjian authored
      Reported-by: Daniel Gustafsson
      
      Discussion: 48DB4EDA-96F8-4B2F-99C4-110900FC7540@yesql.se
      
      Author: Daniel Gustafsson
      6335c80e
  5. 30 Jul, 2016 2 commits
  6. 29 Jul, 2016 5 commits
    • Tom Lane's avatar
      Fix worst memory leaks in tqueue.c. · af330393
      Tom Lane authored
      TupleQueueReaderNext() leaks like a sieve if it has to do any tuple
      disassembly/reconstruction.  While we could try to clean up its allocations
      piecemeal, it seems like a better idea just to insist that it should be run
      in a short-lived memory context, so that any transient space goes away
      automatically.  I chose to have nodeGather.c switch into its existing
      per-tuple context before the call, rather than inventing a separate
      context inside tqueue.c.
      
      This is sufficient to stop all leakage in the simple case I exhibited
      earlier today (see link below), but it does not deal with leaks induced
      in more complex cases by tqueue.c's insistence on using TopMemoryContext
      for data that it's not actually trying hard to keep track of.  That issue
      is intertwined with another major source of inefficiency, namely failure
      to cache lookup results across calls, so it seems best to deal with it
      separately.
      
      In passing, improve some comments, and modify gather_readnext's method for
      deciding when it's visited all the readers so that it's more obviously
      correct.  (I'm not actually convinced that the previous code *is*
      correct in the case of a reader deletion; it certainly seems fragile.)
      
      Discussion: <32763.1469821037@sss.pgh.pa.us>
      af330393
    • Tom Lane's avatar
      Fix tqueue.c's range-remapping code. · bf4ae685
      Tom Lane authored
      It's depressingly clear that nobody ever tested this.
      bf4ae685
    • Tom Lane's avatar
      Fix pq_putmessage_noblock() to not block. · 80b346c2
      Tom Lane authored
      An evident copy-and-pasteo in commit 2bd9e412 broke the non-blocking
      aspect of pq_putmessage_noblock(), causing it to behave identically to
      pq_putmessage().  That function is nowadays used only in walsender.c,
      so that the net effect was to cause walsenders to hang up waiting for
      the receiver in situations where they should not.
      
      Kyotaro Horiguchi
      
      Patch: <20160728.185228.58375982.horiguchi.kyotaro@lab.ntt.co.jp>
      80b346c2
    • Robert Haas's avatar
      Eliminate a few more user-visible "cache lookup failed" errors. · 3153b1a5
      Robert Haas authored
      Michael Paquier
      3153b1a5
    • Peter Eisentraut's avatar
      5676da2d
  7. 28 Jul, 2016 6 commits
    • Tom Lane's avatar
      Guard against empty buffer in gets_fromFile()'s check for a newline. · ed0b228d
      Tom Lane authored
      Per the fgets() specification, it cannot return without reading some data
      unless it reports EOF or error.  So the code here assumed that the data
      buffer would necessarily be nonempty when we go to check for a newline
      having been read.  However, Agostino Sarubbo noticed that this could fail
      to be true if the first byte of the data is a NUL (\0).  The fgets() API
      doesn't really work for embedded NULs, which is something I don't feel
      any great need for us to worry about since we generally don't allow NULs
      in SQL strings anyway.  But we should not access off the end of our own
      buffer if the case occurs.  Normally this would just be a harmless read,
      but if you were unlucky the byte before the buffer would contain '\n'
      and we'd overwrite it with '\0', and if you were really unlucky that
      might be valuable data and psql would crash.
      
      Agostino reported this to pgsql-security, but after discussion we concluded
      that it isn't worth treating as a security bug; if you can control the
      input to psql you can do far more interesting things than just maybe-crash
      it.  Nonetheless, it is a bug, so back-patch to all supported versions.
      ed0b228d
    • Tom Lane's avatar
      Teach parser to transform "x IS [NOT] DISTINCT FROM NULL" to a NullTest. · 8d19d0e1
      Tom Lane authored
      Now that we've nailed down the principle that NullTest with !argisrow
      is fully equivalent to SQL's IS [NOT] DISTINCT FROM NULL, let's teach
      the parser about it.  This produces a slightly more compact parse tree
      and is much more amenable to optimization than a DistinctExpr, since
      the planner knows a good deal about NullTest and next to nothing about
      DistinctExpr.
      
      I'm not sure that there are all that many queries in the wild that could
      be improved by this, but at least one source of such cases is the patch
      just made to postgres_fdw to emit IS [NOT] DISTINCT FROM NULL when
      IS [NOT] NULL isn't semantically correct.
      
      No back-patch, since to the extent that this does affect planning results,
      it might be considered undesirable plan destabilization.
      8d19d0e1
    • Peter Eisentraut's avatar
      Message style improvements · ef5d4a3c
      Peter Eisentraut authored
      ef5d4a3c
    • Tom Lane's avatar
      Fix assorted fallout from IS [NOT] NULL patch. · 9492cf86
      Tom Lane authored
      Commits 4452000f et al established semantics for NullTest.argisrow that
      are a bit different from its initial conception: rather than being merely
      a cache of whether we've determined the input to have composite type,
      the flag now has the further meaning that we should apply field-by-field
      testing as per the standard's definition of IS [NOT] NULL.  If argisrow
      is false and yet the input has composite type, the construct instead has
      the semantics of IS [NOT] DISTINCT FROM NULL.  Update the comments in
      primnodes.h to clarify this, and fix ruleutils.c and deparse.c to print
      such cases correctly.  In the case of ruleutils.c, this merely results in
      cosmetic changes in EXPLAIN output, since the case can't currently arise
      in stored rules.  However, it represents a live bug for deparse.c, which
      would formerly have sent a remote query that had semantics different
      from the local behavior.  (From the user's standpoint, this means that
      testing a remote nested-composite column for null-ness could have had
      unexpected recursive behavior much like that fixed in 4452000f.)
      
      In a related but somewhat independent fix, make plancat.c set argisrow
      to false in all NullTest expressions constructed to represent "attnotnull"
      constructs.  Since attnotnull is actually enforced as a simple null-value
      check, this is a more accurate representation of the semantics; we were
      previously overpromising what it meant for composite columns, which might
      possibly lead to incorrect planner optimizations.  (It seems that what the
      SQL spec expects a NOT NULL constraint to mean is an IS NOT NULL test, so
      arguably we are violating the spec and should fix attnotnull to do the
      other thing.  If we ever do, this part should get reverted.)
      
      Back-patch, same as the previous commit.
      
      Discussion: <10682.1469566308@sss.pgh.pa.us>
      9492cf86
    • Tom Lane's avatar
      Improve documentation about CREATE TABLE ... LIKE. · 46b773d4
      Tom Lane authored
      The docs failed to explain that LIKE INCLUDING INDEXES would not preserve
      the names of indexes and associated constraints.  Also, it wasn't mentioned
      that EXCLUDE constraints would be copied by this option.  The latter
      oversight seems enough of a documentation bug to justify back-patching.
      
      In passing, do some minor copy-editing in the same area, and add an entry
      for LIKE under "Compatibility", since it's not exactly a faithful
      implementation of the standard's feature.
      
      Discussion: <20160728151154.AABE64016B@smtp.hushmail.com>
      46b773d4
    • Tom Lane's avatar
      Register atexit hook only once in pg_upgrade. · d9e74959
      Tom Lane authored
      start_postmaster() registered stop_postmaster_atexit as an atexit(3)
      callback each time through, although the obvious intention was to do
      so only once per program run.  The extra registrations were harmless,
      so long as we didn't exceed ATEXIT_MAX, but still it's a bug.
      
      Artur Zakirov, with bikeshedding by Kyotaro Horiguchi and me
      
      Discussion: <d279e817-02b5-caa6-215f-cfb05dce109a@postgrespro.ru>
      d9e74959