Tom Lane [Fri, 26 Jun 2009 20:29:04 +0000 (20:29 +0000)]
Cleanup and code review for the patch that made bgwriter active during
archive recovery. Invent a separate state variable and inquiry function
for XLogInsertAllowed() to clarify some tests and make the management of
writing the end-of-recovery checkpoint less klugy. Fix several places
that were incorrectly testing InRecovery when they should be looking at
RecoveryInProgress or XLogInsertAllowed (because they will now be executed
in the bgwriter not startup process). Clarify handling of bad LSNs passed
to XLogFlush during recovery. Use a spinlock for setting/testing
SharedRecoveryInProgress. Improve quite a lot of comments.
Tom Lane [Thu, 25 Jun 2009 23:07:15 +0000 (23:07 +0000)]
Add __attribute__((format_arg(1))) to the declaration of err_gettext(),
to restore gcc's ability to crosscheck format arguments within elog.c.
Noted in a test compilation with -Wformat-nonliteral enabled.
Fix some serious bugs in archive recovery, now that bgwriter is active
during it:
When bgwriter is active, the startup process can't perform mdsync() correctly
because it won't see the fsync requests accumulated in bgwriter's private
pendingOpsTable. Therefore make bgwriter responsible for the end-of-recovery
checkpoint as well, when it's active.
When bgwriter is active (= archive recovery), the startup process must not
accumulate fsync requests to its own pendingOpsTable, since bgwriter won't
see them there when it performs restartpoints. Make startup process drop its
pendingOpsTable when bgwriter is launched to avoid that.
Update minimum recovery point one last time when leaving archive recovery.
It won't be updated by the end-of-recovery checkpoint because XLogFlush()
sees us as out of recovery already.
The code to unlink dropped relations in FinishPreparedTransaction() was
acting like runs inside WAL recovery, but it doesn't. I must've copy-pasted
this from a redo-function in the relation forks patch. Noticed by Tom Lane
while he was looking through callers of smgrdounlink().
Disable pg_standby -l option because the backend doesn't expect the recovered
file to be a symlink. We tried to fix this issue with an earlier server-side
patch, but it didn't fix the whole issue.
The same bug is present in older releases as well, but the 8.4 train is
about to leave the station, and I'm not sure if have consensus on whether
we can remove the -l option in back-branches or do we need to attempt a
server-side fix to make symlinking safe.
Patch by Simon Riggs, per discussion on bug identified by Fujii Masao.
Tom Lane [Tue, 23 Jun 2009 16:25:02 +0000 (16:25 +0000)]
Fix an ancient error in dist_ps (distance from point to line segment), which
a number of other geometric operators also depend on. It miscalculated the
slope of the perpendicular to the given line segment anytime that slope was
other than 0, infinite, or +/-1. In some cases the error would be masked
because the true closest point on the line segment was one of its endpoints
rather than the intersection point, but in other cases it could give an
arbitrarily bad answer. Per bug #4872 from Nick Roosevelt.
Bug goes clear back to Berkeley days, so patch all supported branches.
Make a couple of cosmetic adjustments while at it.
Tom Lane [Tue, 23 Jun 2009 03:46:00 +0000 (03:46 +0000)]
Fix the makefiles to fail cleanly if Perl is needed but not present. This
used to work as intended, but got broken some time ago (a quoted empty string
is not an empty string), and got broken some more by the changes to generate
ecpg's preproc.y automatically. Given all the unprotected uses of $(PERL)
elsewhere, it seems best to make use of the $(missing) script rather than
trying to ensure each such use is protected individually. Also fix various
bits of documentation that omitted to mention Perl as a requirement for
building from a CVS pull. Per a complaint from Robert Haas.
Tom Lane [Mon, 22 Jun 2009 20:04:28 +0000 (20:04 +0000)]
For bulk write operations (eg COPY IN), use a ring buffer of 16MB instead
of the 256KB limit originally enforced by a patch committed 2008-11-06.
Per recent test results, the smaller size resulted in an undesirable decrease
in bulk data loading speed, due to COPY processing frequently getting blocked
for WAL flushing. This area might need more tweaking later, but this setting
seems to be good enough for 8.4.
Tom Lane [Mon, 22 Jun 2009 17:54:30 +0000 (17:54 +0000)]
Make to_timestamp and friends skip leading spaces before an integer field,
even when not in FM mode. This improves compatibility with Oracle and with
our pre-8.4 behavior, as per bug #4862.
Brendan Jurd
Add a couple of regression test cases for this. In passing, get rid of the
labeling of the individual test cases; doesn't seem to be good for anything
except causing extra work when inserting a test...
Tom Lane [Sat, 20 Jun 2009 18:45:28 +0000 (18:45 +0000)]
Fix things so that array_agg_finalfn does not modify or free its input
ArrayBuildState, per trouble report from Merlin Moncure. By adopting
this fix, we are essentially deciding that aggregate final-functions
should not modify their inputs ever. Adjust documentation and comments
to match that conclusion.
Peter Eisentraut [Fri, 19 Jun 2009 19:14:25 +0000 (19:14 +0000)]
Don't convert the man page names to lower case, so that the .so links work.
This is pretty much a workaround for incomplete tools, but having the man
page names in upper case looks more natural anyway.
Tom Lane [Thu, 18 Jun 2009 01:27:02 +0000 (01:27 +0000)]
Fix the just-reported problem that you can't specify all four trigger event
types in CREATE TRIGGER. While at it, clean up the amazingly tedious and
inextensible way that the trigger event type list was handled. Per report
from Greg Sabino Mullane.
Tom Lane [Wed, 17 Jun 2009 16:05:34 +0000 (16:05 +0000)]
ExecAgg() failed to finish running out set-returning functions in the last
aggregated tuple of a run. Per report from Laurenz Albe. This is a new
bug in 8.4, but only because prior versions rejected SRFs in an Agg plan
node altogether.
Tom Lane [Sun, 14 Jun 2009 00:00:24 +0000 (00:00 +0000)]
Change test tables in copy2 regression test to be temporary tables.
This prevents autovacuum from reclaiming free space in them and causing
the test's output row order to change, which is causing intermittent
bogus failure reports in the buildfarm.
Backpatch to 8.3. The issue exists further back, but since autovacuum was
not on by default before 8.3, it's not a problem for buildfarm testing.
Tom Lane [Sat, 13 Jun 2009 15:42:09 +0000 (15:42 +0000)]
Fix get_sort_group_operators() so that it doesn't think arrays can be grouped
via hashing. Eventually we ought to make that possible, but it won't happen
for 8.4. Per yesterday's report from Robert Haas.
Peter Eisentraut [Sat, 13 Jun 2009 13:43:34 +0000 (13:43 +0000)]
Tweak the display of incoming foreign-key constraints in \d, per discussion
on hackers. Also, take that string out of the translation roster, since
it's now entirely pseudo-SQL.
Tom Lane [Thu, 11 Jun 2009 20:46:11 +0000 (20:46 +0000)]
Revisit AlterTableCreateToastTable's API once again, hoping to make it what
pg_migrator actually needs and not just a partial solution. We have to be
able to specify the OID that the new toast table should be created with.
Tom Lane [Thu, 11 Jun 2009 19:00:15 +0000 (19:00 +0000)]
Remove our inadequate kluge that tried to get AIX's various broken versions
of getaddrinfo() to work. Instead, recommend updating the OS to get a working
version of getaddrinfo. Per recent discussions.
Tom Lane [Thu, 11 Jun 2009 18:30:03 +0000 (18:30 +0000)]
Mark contrib's GiST and GIN opclass support functions as STRICT, for safety.
(Note: GiST penalty functions could possibly be non-strict, but none are at
present.)
Tom Lane [Thu, 11 Jun 2009 17:25:39 +0000 (17:25 +0000)]
Fix things so that you can still do "select foo()" where foo is a SQL
function returning setof record. This used to work, more or less
accidentally, but I had broken it while extending the code to allow
materialize-mode functions to be called in select lists. Add a regression
test case so it doesn't get broken again. Per gripe from Greg Davidson.
Tom Lane [Thu, 11 Jun 2009 16:14:18 +0000 (16:14 +0000)]
Somebody seems to have thought they could get away without checking for
rsinfo->expectedDesc == NULL in deflist_to_tuplestore(), but that doesn't
look very safe to me. Noted in passing while studying problem report
from Greg Davidson.
Tom Lane [Wed, 10 Jun 2009 21:24:11 +0000 (21:24 +0000)]
Support Kerberos on platforms where libcom_err depends on OpenSSL, as
reportedly is true on OpenBSD. Also support OpenBSD's spelling of
-Wl,--as-needed. Per Simon Bertrang.
Tom Lane [Wed, 10 Jun 2009 19:21:37 +0000 (19:21 +0000)]
Add a warning about possible strange behavior of volatile functions
in cursors. This has always been the case, but given the lack of user
complaints about it, I'm not going to bother back-patching this.
Tom Lane [Wed, 10 Jun 2009 18:54:16 +0000 (18:54 +0000)]
Keep rs_startblock the same during heap_rescan, so that a rescan of a SeqScan
node starts from the same place as the first scan did. This avoids surprising
behavior of scrollable and WITH HOLD cursors, as seen in Mark Kirkwood's bug
report of yesterday.
It's not entirely clear whether a rescan should be forced to drop out of the
syncscan mode, but for the moment I left the code behaving the same on that
point. Any change there would only be a performance and not a correctness
issue, anyway.
Back-patch to 8.3, since the unstable behavior was created by the syncscan
patch.
Tom Lane [Wed, 10 Jun 2009 16:31:32 +0000 (16:31 +0000)]
Fix cash_in() to behave properly in locales where frac_digits is zero,
eg Japan. Report and fix by Itagaki Takahiro. Also fix CASHDEBUG printout
format for branches with 64-bit money type, and some minor comment cleanup.
Back-patch to 7.4, because it's broken all the way back.
Peter Eisentraut [Wed, 10 Jun 2009 07:03:34 +0000 (07:03 +0000)]
Correct/improve the datetime_precision field in the information schema.
In particular, always show 0 for the date type instead of null, and show
6 (the default) for time, timestamp, and interval without a declared
precision. This is now in fuller conformance with the SQL standard.
Also clarify the documentation about this.
discovered and analyzed by Konstantin Izmailov and Tom Lane
Tom Lane [Wed, 10 Jun 2009 05:05:03 +0000 (05:05 +0000)]
Make handling of INTERVAL DAY TO MINUTE and INTERVAL DAY TO SECOND input
more consistent with other cases, by having an unlabeled integer field
be treated as a number of minutes or seconds respectively. These cases
are outside the spec (which insists on full "dd hh:mm" or "dd hh:mm:ss"
input respectively), so it's not much help to us in deciding what to do.
But with this change, it's uniformly the case that an unlabeled integer
will be considered as being a number of the interval's rightmost field.
The change also takes us back to the 8.3 behavior of throwing error
for certain ambiguous inputs such as INTERVAL '1 2' DAY TO MINUTE.
Per recent discussion.
Tom Lane [Wed, 10 Jun 2009 03:44:35 +0000 (03:44 +0000)]
Ensure xmlFree(NULL) is a no-op instead of a core dump. Per report from
Sergey Burladyan, there are at least some dank corners of libxml2 that
assume this behavior, even though their published documentation suggests
they shouldn't.
This is only really a live problem in 8.3, but the code is still there
for possible debugging use in HEAD, so patch both branches.
Tom Lane [Tue, 9 Jun 2009 19:51:00 +0000 (19:51 +0000)]
Mark internal_in as not strict, so that the construct "null::internal"
will throw an error, rather than possibly allowing someone to synthesize
a manual call to an internal-accepting function. As of CVS HEAD and existing
releases, all such functions are either STRICT or careful about null inputs,
so there is no current security issue here. But it seems like a good idea
to lock this down to protect against future mistakes.
In passing, similarly lock down trigger_in, language_handler_in, opaque_in,
and shell_in. These are not believed to present any security risk, but
there's still no good reason to allow nulls of these types to be created.
I left the polymorphic pseudotypes (anyelement etc) alone, since a null
of one of those types doesn't seem to be a problem --- the worst you can
say about it is that it doesn't have an underlying non-polymorphic type.
If we were to make this change during normal development, we'd just
automatically bump catversion for a pg_proc.h change. But since this doesn't
create a compatibility risk and isn't believed to be fixing a live bug, it
seems better not to force a catversion bump in late beta.
Tom Lane [Tue, 9 Jun 2009 18:15:04 +0000 (18:15 +0000)]
Switch order of tests to avoid possible Assert failure for
"array_agg_finalfn(null)". We should modify pg_proc entries to prevent this
query from being accepted, but let's just make the function itself secure too.
Per my note of today.
Tom Lane [Tue, 9 Jun 2009 17:41:02 +0000 (17:41 +0000)]
Restore dblink_current_query() to being a C-language function, so as to not
create an ABI break between 8.3 and 8.4. It is still just a wrapper around
the built-in current_query() function, but at a different implementation
level. Per my proposal.
Note: this change doesn't break 8.4beta installations, since their
SQL-language definition of the function still works fine.
Tom Lane [Mon, 8 Jun 2009 16:22:44 +0000 (16:22 +0000)]
Fix contrib/pageinspect to not create an ABI breakage between 8.3 and 8.4.
The original implementation of the 3-argument form of get_raw_page() risked
core dumps if the 8.3 SQL function definition was mistakenly used with the
8.4 module, which is entirely likely after a dump-and-reload upgrade. To
protect 8.4 beta testers against upgrade problems, add a check on PG_NARGS.
In passing, fix missed additions to the uninstall script, and polish the
docs a trifle.
Tom Lane [Sun, 7 Jun 2009 20:09:34 +0000 (20:09 +0000)]
Revert my patch of 2009-04-04 that removed contrib/intarray's definitions of
the <@ and @> operators. These are not in fact equivalent to the built-in
anyarray operators of the same names, because they have different behavior for
empty arrays, namely they don't think empty arrays are contained in anything.
That is mathematically wrong, no doubt, but until we can persuade GIN indexes
to implement the mathematical definition we should probably not change this.
Another reason for not changing it now is that we can't yet ensure the
opclasses will be updated correctly in a dump-and-reload upgrade. Per
recent discussions.
Tom Lane [Sat, 6 Jun 2009 22:13:52 +0000 (22:13 +0000)]
Improve the IndexVacuumInfo/IndexBulkDeleteResult API to allow somewhat sane
behavior in cases where we don't know the heap tuple count accurately; in
particular partial vacuum, but this also makes the API a bit more useful
for ANALYZE. This patch adds "estimated_count" flags to both structs so
that an approximate count can be flagged as such, and adjusts the logic
so that approximate counts are not used for updating pg_class.reltuples.
This fixes my previous complaint that VACUUM was putting ridiculous values
into pg_class.reltuples for indexes. The actual impact of that bug is
limited, because the planner only pays attention to reltuples for an index
if the index is partial; which probably explains why beta testers hadn't
noticed a degradation in plan quality from it. But it needs to be fixed.
The whole thing is a bit messy and should be redesigned in future, because
reltuples now has the potential to drift quite far away from reality when
a long period elapses with no non-partial vacuums. But this is as good as
it's going to get for 8.4.
Joe Conway [Sat, 6 Jun 2009 21:27:56 +0000 (21:27 +0000)]
Add support for using SQL/MED compliant FOREIGN DATA WRAPPER, SERVER,
and USER MAPPING as method to supply dblink connect parameters. Per
mailing list and PGCon discussions.
Tom Lane [Sat, 6 Jun 2009 02:39:40 +0000 (02:39 +0000)]
Fix a serious bug introduced into GIN in 8.4: now that MergeItemPointers()
is supposed to remove duplicate heap TIDs, we have to be sure to reduce the
tuple size and posting-item count accordingly in addItemPointersToTuple().
Failing to do so resulted in the effective injection of garbage TIDs into the
index contents, ie, whatever happened to be in the memory palloc'd for the
new tuple. I'm not sure that this fully explains the index corruption
reported by Tatsuo Ishii, but the test case I'm using no longer fails.
Tom Lane [Fri, 5 Jun 2009 18:50:47 +0000 (18:50 +0000)]
GIN's ItemPointerIsMin, ItemPointerIsMax, and ItemPointerIsLossyPage macros
should use GinItemPointerGetBlockNumber/GinItemPointerGetOffsetNumber,
not ItemPointerGetBlockNumber/ItemPointerGetOffsetNumber, because the latter
will Assert() on ip_posid == 0, ie a "Min" pointer. (Thus, ItemPointerIsMin
has never worked at all, but it seems unused at present.) I'm not certain
that the case can occur in normal functioning, but it's blowing up on me
while investigating Tatsuo-san's data corruption problem. In any case it
seems like a problem waiting to bite someone.
Back-patch just in case this really is a problem for somebody in the field.