granicus.if.org Git - postgresql/commit

author	Tom Lane <tgl@sss.pgh.pa.us>
	Wed, 11 Jul 2018 22:47:31 +0000 (18:47 -0400)
committer	Tom Lane <tgl@sss.pgh.pa.us>
	Wed, 11 Jul 2018 22:47:31 +0000 (18:47 -0400)
commit	39a96512b3ed72de7b24b2667d9575d7e9fcb326
tree	b7cdf447d73d694879a851804ebd68eea98dde14	tree \| snapshot
parent	57cd2b6e6dc571cf65983d2aa86065d6d006f152	commit \| diff

Mark built-in btree comparison functions as leakproof where it's safe.

Generally, if the comparison operators for a datatype or pair of datatypes
are leakproof, the corresponding btree comparison support function can be
considered so as well.  But we had not originally worried about marking
support functions as leakproof, reasoning that they'd not likely be used in
queries so the marking wouldn't matter.  It turns out there's at least one
place where it does matter: calc_arraycontsel() finds the target datatype's
default btree comparison function and tries to use that to estimate
selectivity, but it will be blocked in some cases if the function isn't
leakproof.  This leads to unnecessarily poor selectivity estimates and bad
plans, as seen in bug #15251.

Hence, run around and apply proleakproof markings where the corresponding
btree comparison operators are leakproof.  (I did eyeball each function
to verify that it wasn't doing anything surprising, too.)

This isn't a full solution to bug #15251, and it's not back-patchable
because of the need for a catversion bump.  A more useful response probably
is to consider whether we can check permissions on the parent table instead
of the child.  However, this change will help in some cases where that
won't, and it's easy enough to do in HEAD, so let's do so.

Discussion: https://postgr.es/m/3876.1531261875@sss.pgh.pa.us

src/include/catalog/catversion.h		diff \| blob \| history
src/include/catalog/pg_proc.dat		diff \| blob \| history
src/test/regress/expected/opr_sanity.out		diff \| blob \| history