Correctifs appliqués

Tatsuo Ishii pushed:

Andres Freund pushed:

  • Fix leaking of small spilled subtransactions during logical decoding. When, during logical decoding, a transaction gets too big, it's contents get spilled to disk. Not just the top-transaction gets spilled, but *also* all of its subtransactions, even if they're not that large themselves. Unfortunately we didn't clean up such small spilled subtransactions from disk. Fix that, by keeping better track of whether a transaction has been spilled to disk. Author: Andres Freund Reported-By: Dmitriy Sarafannikov, Fabr�zio de Royes Mello Discussion: Backpatch: 9.4-, where logical decoding was introduced
  • Fix possibility of creating a "phantom" segment after promotion. When promoting a standby just after a XLOG_SWITCH record was replayed, and next segment(s) are already are locally available (via walsender, restore_command + trigger/recovery target), that segment could accidentally be recycled onto the past of the new timeline. Later checkpointer would create a .ready file for it, assuming there was an error during creation, and it would get archived. That causes trouble if another standby is later brought up from a basebackup from before the timeline creation, because it would try to read the segment, because XLogFileReadAnyTLI just tries all possible timelines, which doesn't have valid contents. Thus replay would fail. The problem, if already occurred, can be fixed by removing the segment and/or having restore_command filter it out. The reason for the creation of such "phantom" segments was, that after an XLOG_SWITCH record the EndOfLog variable points to the beginning of the next segment, and RemoveXlogFile() used XLByteToPrevSeg(). Normally RemoveXlogFile() doing so is harmless, because the last segment will still exist preventing InstallXLogFileSegment() from causing harm, but just after promotion there's no previous segment on the new timeline. Fix that by using XLByteToSeg() instead of XLByteToPrevSeg(). Author: Andres Freund Reported-By: Greg Burek Discussion: Backpatch: 9.2-, bug older than all supported versions

Tom Lane pushed:

  • On Windows, make pg_dump use binary mode for compressed plain text output. The combination of -Z -Fp and output to stdout resulted in corrupted output data, because we left stdout in text mode, resulting in newline conversion being done on the compressed stream. Switch stdout to binary mode for this case, at the same place where we do it for non-text output formats. Report and patch by Kuntal Ghosh, tested by Ashutosh Sharma and Neha Sharma. Back-patch to all supported branches. Discussion:
  • Avoid regressions in foreign-key-based selectivity estimates. David Rowley found that the "use the smallest per-column selectivity" heuristic applied in some cases by get_foreign_key_join_selectivity() was badly off if the FK columns are independent, producing estimates much worse than we got before that code was added in 9.6. One case where that heuristic was used was for LEFT and FULL outer joins with the referenced rel on the outside of the join. But we should not really need to special-case those here. eqjoinsel() never has had such a special case; the correction is applied by calc_joinrel_size_estimate() instead. Let's just estimate such cases like inner joins and rely on that later adjustment. (I think there was something of a thinko here, in that the comments seem to be thinking about the selectivity as defined for semi/anti joins; but that shouldn't apply to left/full joins.) Add a regression test exercising such a case to show that this is sane in at least some cases. The other case where we used that heuristic was for SEMI/ANTI outer joins, either if the referenced rel was on the outside, or if it was on the inside but was part of a join within the RHS. In either case, the FK doesn't give us a lot of traction towards estimating the selectivity. To ensure that we don't have regressions from what happened before 9.6, let's punt by ignoring the FK in such cases and applying the traditional selectivity calculation. (We might be able to improve on that later, but for now I just want to be sure it's not worse than 9.5.) Report and patch by David Rowley, simplified a bit by me. Back-patch to 9.6 where this code was added. Discussion:
  • Fix materialized-view documentation oversights. When materialized views were added, psql's \d commands were made to treat them as a separate object category ... but not everyplace in the documentation or comments got the memo. Noted by David Johnston. Back-patch to 9.3 where matviews came in. Discussion:
  • Don't downcase entries within shared_preload_libraries et al. load_libraries(), which processes the various xxx_preload_libraries GUCs, was parsing them using SplitIdentifierString() which isn't really appropriate for values that could be path names: it downcases unquoted text, and it doesn't allow embedded whitespace unless quoted. Use SplitDirectoriesString() instead. That also allows us to simplify load_libraries() a bit, since canonicalize_path() is now done for it. While this definitely seems like a bug fix, it has the potential to break configuration settings that accidentally worked before because of the downcasing behavior. Also, there's an easy workaround for the bug, namely to double-quote troublesome text. Hence, no back-patch. QL Zhuo, tweaked a bit by me Discussion:
  • Upgrade documentation connected with shared_preload_libraries et al. Noplace in the documentation actually defined what these variables contain. Define them as lists of arguments for LOAD, and improve that command's documentation a bit. Discussion:
  • Make opr_sanity test complain about built-in functions marked prosecdef. Currently, there are no built-in functions that are SECURITY DEFINER. But we just found an instance where one was mistakenly marked that way, so it seems prudent to add a test about it. If we ever grow some functions that are intentionally SECURITY DEFINER, we can alter the expected output of this test, or adjust the query to filter out functions for which it's okay. Per suggestion from Robert Haas. Discussion:
  • Final pgindent run with old pg_bsd_indent (version 1.3). This is just to have a clean basis for comparison with the results of the new version (which will indeed end up reverting some of these changes...) Discussion: Discussion:
  • Initial pgindent run with pg_bsd_indent version 2.0. The new indent version includes numerous fixes thanks to Piotr Stefaniak. The main changes visible in this commit are: * Nicer formatting of function-pointer declarations. * No longer unexpectedly removes spaces in expressions using casts, sizeof, or offsetof. * No longer wants to add a space in "struct structname *varname", as well as some similar cases for const- or volatile-qualified pointers. * Declarations using PG_USED_FOR_ASSERTS_ONLY are formatted more nicely. * Fixes bug where comments following declarations were sometimes placed with no space separating them from the code. * Fixes some odd decisions for comments following case labels. * Fixes some cases where comments following code were indented to less than the expected column 33. On the less good side, it now tends to put more whitespace around typedef names that are not listed in typedefs.list. This might encourage us to put more effort into typedef name collection; it's not really a bug in indent itself. There are more changes coming after this round, having to do with comment indentation and alignment of lines appearing within parentheses. I wanted to limit the size of the diffs to something that could be reviewed without one's eyes completely glazing over, so it seemed better to split up the changes as much as practical. Discussion: Discussion:
  • Phase 2 of pgindent updates. Change pg_bsd_indent to follow upstream rules for placement of comments to the right of code, and remove pgindent hack that caused comments following #endif to not obey the general rule. Commit e3860ffa4dd0dad0dd9eea4be9cc1412373a8c89 wasn't actually using the published version of pg_bsd_indent, but a hacked-up version that tried to minimize the amount of movement of comments to the right of code. The situation of interest is where such a comment has to be moved to the right of its default placement at column 33 because there's code there. BSD indent has always moved right in units of tab stops in such cases --- but in the previous incarnation, indent was working in 8-space tab stops, while now it knows we use 4-space tabs. So the net result is that in about half the cases, such comments are placed one tab stop left of before. This is better all around: it leaves more room on the line for comment text, and it means that in such cases the comment uniformly starts at the next 4-space tab stop after the code, rather than sometimes one and sometimes two tabs after. Also, ensure that comments following #endif are indented the same as comments following other preprocessor commands such as #else. That inconsistency turns out to have been self-inflicted damage from a poorly-thought-through post-indent "fixup" in pgindent. This patch is much less interesting than the first round of indent changes, but also bulkier, so I thought it best to separate the effects. Discussion: Discussion:
  • Phase 3 of pgindent updates. Don't move parenthesized lines to the left, even if that means they flow past the right margin. By default, BSD indent lines up statement continuation lines that are within parentheses so that they start just to the right of the preceding left parenthesis. However, traditionally, if that resulted in the continuation line extending to the right of the desired right margin, then indent would push it left just far enough to not overrun the margin, if it could do so without making the continuation line start to the left of the current statement indent. That makes for a weird mix of indentations unless one has been completely rigid about never violating the 80-column limit. This behavior has been pretty universally panned by Postgres developers. Hence, disable it with indent's new -lpl switch, so that parenthesized lines are always lined up with the preceding left paren. This patch is much less interesting than the first round of indent changes, but also bulkier, so I thought it best to separate the effects. Discussion: Discussion:
  • Remove entab and associated detritus. We don't need this anymore, because pg_bsd_indent has been taught to follow the same tab-vs-space rules that entab used to enforce. Discussion: Discussion:
  • Manually un-break a few URLs that pgindent used to insist on splitting. These will no longer get re-split by pgindent runs, so it's worth cleaning them up now. Discussion: Discussion:
  • Adjust pgindent script to use pg_bsd_indent 2.0. Update version-checking code and list of switches. Delete obsolete quasi-support for using GNU indent. Remove a lot of no-longer-needed workarounds for bugs of the old version, and improve comments for the hacks that remain. Update run_build() subroutine to fetch the pg_bsd_indent code from the newly established git repo for it. In passing, fix pgindent to not overwrite files that require no changes; this makes it a bit more friendly to run on a built tree. Adjust relevant documentation. Remove indent.bsd.patch; it's not relevant anymore (and was obsolete long ago anyway). Likewise remove pgcppindent, since we're no longer in the business of shipping C++ code. Piotr Stefaniak is responsible for most of the algorithmic changes to the pgindent script; I did the rest. Discussion: Discussion:
  • Add testing to detect errors of omission in "pin" dependency creation. It's essential that initdb.c's setup_depend() scan each system catalog that could contain objects that need to have "p" (pin) entries in pg_depend or pg_shdepend. Forgetting to add that, either when a catalog is first invented or when it first acquires DATA() entries, is an obvious bug hazard. We can detect such omissions at reasonable cost by probing every OID-containing system catalog to see whether the lowest-numbered OID in it is pinned. If so, the catalog must have been properly accounted for in setup_depend(). If the lowest OID is above FirstNormalObjectId then the catalog must have been empty at the end of initdb, so it doesn't matter. There are a small number of catalogs whose first entry is made later in initdb than setup_depend(), resulting in nonempty expected output of the test, but these can be manually inspected to see that they are OK. Any future mistake of this ilk will manifest as a new entry in the test's output. Since pg_conversion is already in the test's output, add it to the set of catalogs scanned by setup_depend(). That has no effect today (hence, no catversion bump here) but it will protect us if we ever do add pin-worthy conversions. This test is very much like the catalog sanity checks embodied in opr_sanity.sql and type_sanity.sql, but testing pg_depend doesn't seem to fit naturally into either of those scripts' charters. Hence, invent a new test script misc_sanity.sql, which can be a home for this as well as tests on any other catalogs we might want in future. Discussion:
  • Fix memory leakage in ICU encoding conversion, and other code review. Callers of icu_to_uchar() neglected to pfree the result string when done with it. This results in catastrophic memory leaks in varstr_cmp(), because of our prevailing assumption that btree comparison functions don't leak memory. For safety, make all the call sites clean up leaks, though I suspect that we could get away without it in formatting.c. I audited callers of icu_from_uchar() as well, but found no places that seemed to have a comparable issue. Add function API specifications for icu_to_uchar() and icu_from_uchar(); the lack of any thought-through specification is perhaps not unrelated to the existence of this bug in the first place. Fix icu_to_uchar() to guarantee a nul-terminated result; although no existing caller appears to care, the fact that it would have been nul-terminated except in extreme corner cases seems ideally designed to bite someone on the rear someday. Fix ucnv_fromUChars() destCapacity argument --- in the worst case, that could perhaps have led to a non-nul-terminated result, too. Fix icu_from_uchar() to have a more reasonable definition of the function result --- no callers are actually paying attention, so this isn't a live bug, but it's certainly sloppily designed. Const-ify icu_from_uchar()'s input string for consistency. That is not the end of what needs to be done to these functions, but it's as much as I have the patience for right now. Discussion:
  • Rethink behavior of pg_import_system_collations(). Marco Atzeri reported that initdb would fail if "locale -a" reported the same locale name more than once. All previous versions of Postgres implicitly de-duplicated the results of "locale -a", but the rewrite to move the collation import logic into C had lost that property. It had also lost the property that locale names matching built-in collation names were silently ignored. The simplest way to fix this is to make initdb run the function in if-not-exists mode, which means that there's no real use-case for non if-not-exists mode; we might as well just drop the boolean argument and simplify the function's definition to be "add any collations not already known". This change also gets rid of some odd corner cases caused by the fact that aliases were added in if-not-exists mode even if the function argument said otherwise. While at it, adjust the behavior so that pg_import_system_collations() doesn't spew "collation foo already exists, skipping" messages during a re-run; that's completely unhelpful, especially since there are often hundreds of them. And make it return a count of the number of collations it did add, which seems like it might be helpful. Also, re-integrate the previous coding's property that it would make a deterministic selection of which alias to use if there were conflicting possibilities. This would only come into play if "locale -a" reports multiple equivalent locale names, say "de_DE.utf8" and "de_DE.UTF-8", but that hardly seems out of the question. In passing, fix incorrect behavior in pg_import_system_collations()'s ICU code path: it neglected CommandCounterIncrement, which would result in failures if ICU returns duplicate names, and it would try to create comments even if a new collation hadn't been created. Also, reorder operations in initdb so that the 'ucs_basic' collation is created before calling pg_import_system_collations() not after. This prevents a failure if "locale -a" were to report a locale named that. There's no reason to think that that ever happens in the wild, but the old coding would have survived it, so let's be equally robust. Discussion:
  • Fix incorrect buffer-length argument to uloc_getDisplayName(). The maxResultSize argument of uloc_getDisplayName is the number of UChars in the output buffer, not the number of bytes. In principle this could result in a stack smash, although at least in my Fedora 25 install there are no ICU locales with display names long enough to overrun the buffer. But it's easily proven to be wrong by reducing the length of displayname to around 20, whereupon a stack smash does happen. (This is a rather scary bug, because the same mistake could easily have been made in other places; but in a quick code search looking at uses of UChar I could not find any other instances.)
  • Further hacking on ICU collation creation and usage. pg_import_system_collations() refused to create any ICU collations if the current database's encoding didn't support ICU. This is wrongheaded: initdb must initialize pg_collation in an encoding-independent way since it might be used in other databases with different encodings. The reason for the restriction seems to be that get_icu_locale_comment() used icu_from_uchar() to convert the UChar-format display name, and that unsurprisingly doesn't know what to do in unsupported encodings. But by the same token that the initial catalog contents must be encoding-independent, we can't allow non-ASCII characters in the comment strings. So we don't really need icu_from_uchar() here: just check for Unicode codes outside the ASCII range, and if there are none, the format conversion is trivial. If there are some, we can simply not install the comment. (In my testing, this affects only Norwegian Bokm�l, which has given us trouble before.) For paranoia's sake, also check for non-ASCII characters in ICU locale names, and skip such locales, as we do for libc locales. I don't currently have a reason to believe that this will ever reject anything, but then again the libc maintainers should have known better too. With just the import changes, ICU collations can be found in pg_collation in databases with unsupported encodings. This resulted in more or less clean failures at runtime, but that's not how things act for unsupported encodings with libc collations. Make it work the same as our traditional behavior for libc collations by having collation lookup take into account whether is_encoding_supported_by_icu(). Adjust documentation to match. Also, expand Table 23.1 to show which encodings are supported by ICU. catversion bump because of likely change in pg_collation/pg_description initial contents in ICU-enabled builds. Discussion:
  • Doc: minor improvements for collation-related man pages.

Peter Eisentraut pushed:

Bruce Momjian pushed:

  • pg_upgrade: start/stop new server after pg_resetwal. When commit 0f33a719fdbb5d8c43839ea0d2c90cd03e2af2d2 removed the instructions to start/stop the new cluster before running rsync, it was now possible for pg_resetwal/pg_resetxlog to leave the final WAL record at wal_level=minimum, preventing upgraded standby servers from reconnecting. This patch fixes that by having pg_upgrade unconditionally start/stop the new cluster after pg_resetwal/pg_resetxlog has run. Backpatch through 9.2 since, though the instructions were added in PG 9.5, they worked all the way back to 9.2. Discussion: Backpatch-through: 9.2

Heikki Linnakangas pushed:

Dean Rasheed pushed:

Magnus Hagander pushed:

Robert Haas pushed:

�lvaro Herrera pushed:

Simon Riggs pushed:

Correctifs en attente

Craig Ringer sent in a patch to introduce "constant StringInfo"

Ashutosh Sharma sent in two more revisions of a patch to detect the ICU version on Windows.

Amit Kapila sent in another revision of a patch to enable updating a partition key with the effect of moving the affected rows to the appropriate partition.

Masahiko Sawada sent in a patch to make table sync workers check their relation subscription state at the end of COPY and exit if it has disappeared, instead of killing table sync worker in DDL.

Shubham Barai sent in two more revisions of a patch of a patch to implement predicate locking in GiST index.

Micha�l Paquier sent in another revision of a patch to refactor the routine to test connection to SSL server, support channel binding 'tls-unique' in SCRAM, add connection parameters "saslname" and "saslchannelbinding", and implement channel binding tls-server-end-point for SCRAM.

Mengxing Liu sent in a patch to eliminate O(N^2) scaling from rw-conflict tracking in serializable transactions.

Konstantin Knizhnik sent in a patch to implement an ASOF join type.

Daniel Gustafsson sent in two revisions of a patch to add an optional message to user when terminating/cancelling backend.

Mark Rofail sent in two more revisions of a patch to implement foreign key arrays.

Haribabu Kommi sent in another revision of a patch to add Visual Studio 2017 build support.

Daniel V�rit� and Andres Freund traded patches to add pipelining batch support to libpq.

Andres Freund sent in a patch to ensure that signal latch owners don't get signaled if owner not waiting on latch.

Jeff Janes sent in a patch to add a tpcb-func option to pgbench.

Peter Eisentraut and Petr Jel�nek traded patches to fix an issue where things would get stuck when dropping a subscription while synchronizing table.

Amit Langote sent in two revisions of a patch to set pd_lower in GIN metapage.

Alexander Kuzmenkov sent in another revision of a patch to implement CSN snapshots.

Remi Colinet sent in another revision of a patch to add a pg_progress() SQL function to monitor progression of long running SQL queries/utilities.

Alexey Kondratov sent in another revision of a patch to add parallel COPY execution with errors handling.

Masahiko Sawada sent in another revision of a patch to move relation extension locks out of heavyweight lock manager.

Etsuro Fujita sent in a patch to excise useless code from ExecInitModifyTable.

Peter Eisentraut sent in a patch to fix the output of char node fields.

Kyotaro HORIGUCHI sent in another revision of a patch to implement asynchronous execution.

Thomas Munro sent in another revision of a patch to enable transition tuples from wctes.

Thomas Munro sent in another revision of a patch to fix an infelicity between transition tables vs ON CONFLICT.

Micha�l Paquier sent in a patch to ensure that fast promotion is used when doing a recovery_target PITR restore.

Yugo Nagata sent in a patch to fix a bug where autovacuum launcher occurs error when cancelled by SIGINT by calling dsa_attach() before sigsetjmp.

Yugo Nagata sent in a patch to fix a bug where pg_terminate_backend can terminate background workers and autovacuum launcher.

Thomas Munro sent in another revision of a patch to fix an infelicity between transition table behavior and inheritance.

Thomas Munro sent in another revision of a patch to use kqueue where available.

Alexander Korotkov sent in a flock of patches to implement 64-bit XIDs.

Vladimir Kunshchikov sent in a patch to fix a gz_error/strerror mishap.

Masahiko Sawada sent in a patch to correct behavior of pg_stop_backup on a subscriber.

Thom Brown sent in another revision of a patch to implement auto-prewarm.

Tom Lane sent in a patch to guard against bugs-of-omission in initdb's setup_depend.

Micha�l Paquier sent in two more revisions of a patch to fix a broken O(n^2) avoidance in wal segment recycling.

Amit Langote sent in another revision of a patch to cope with differing attnos in ATExecAttachPartition code, and teach ATExecAttachPartition to skip validation in more.

Thomas Munro sent in another revision of a patch to implement causal reads.

Yugo Nagata sent in a patch to ensure that the same expression occurs only once in partition key

Peter Eisentraut sent in a patch to fix some code quality issues in ICU patch.

Petr Jel�nek sent in a patch to fix walsender timeouts when decoding large transaction.

Nikolay Shaplov sent in another revision of a patch to move all am-related reloption code into src/backend/access/[am-name] and get rid of relopt_kind for custom AM.

Fabien COELHO sent in another revision of a patch to add pgbench tap tests.

Tom Lane sent in a patch to reduce pg_ctl's reaction time.

Tom Lane sent in a patch to fix some corner-case error in pgstats file loading.

Tom Lane, and Craig Ringer, and Micha�l Paquier traded patches to fix a timing-sensitive case in src/test/recovery TAP tests.