postgresql.git
5 months agoPrevent premature nbtree array advancement.
Peter Geoghegan [Wed, 7 May 2025 19:20:42 +0000 (15:20 -0400)]
Prevent premature nbtree array advancement.

nbtree array index scans could fail to return matching tuples in rare
cases where the missed tuples cover key space that the scan's arrays
incorrectly indicate has already been read.  These cases involved nearby
tuples with NULL values that were evaluated using a skip array key while
in pstate.forcenonrequired mode.

To fix, prevent forcenonrequired mode from prematurely advancing the
scan's array keys beyond key space that the scan has yet to read tuples
from: reset the scan's array keys (to the first elements in the current
scan direction) before the _bt_checkkeys call for pstate.finaltup.  That
way _bt_checkkeys starts from a clean slate, which ensures that it will
call _bt_advance_array_keys (while passing it sktrig_required=true).
This reliably restores the invariant that the scan's arrays always
accurately track its progress through the index's key space (at least
when the scan is "between pages").

Oversight in commit 8a510275, which optimized nbtree search scan key
comparisons.

Author: Peter Geoghegan <pg@bowt.ie>
Reviewed-By: Mark Dilger <mark.dilger@enterprisedb.com>
Discussion: https://postgr.es/m/CAH2-WzmodSE+gpTd1CRGU9ez8ytyyDS+Kns2r9NzgUp1s56kpw@mail.gmail.com

5 months agonbtree: tighten up array recheck rules.
Peter Geoghegan [Wed, 7 May 2025 19:17:40 +0000 (15:17 -0400)]
nbtree: tighten up array recheck rules.

Be more conservative when performing a scheduled recheck of an nbtree
scan's array keys once on the next page, having set so->scanBehind: back
out of reading the page (perform another primitive scan instead) when
the next page's high key/finaltup has an untruncated prefix of matching
values and truncated suffix attributes associated with lower-order keys.
In other words, stop assuming that the lower-order keys have been
satisfied by the truncated suffix attributes in this context (only do so
when considering scheduling a recheck within _bt_advance_array_keys).

The new behavior is more logical: if the next page read after setting
so->scanBehind can only contain tuples that are themselves "behind the
scan", that's reason enough to cut our losses.  In general, when we set
so->scanBehind, we only expect to perform one recheck on the next page
to make a final decision about whether or not to continue the current
primitive index scan.  It seems unprincipled for the recheck to allow a
_bt_readpage to continue unless the scan's arrays will advance/unless
the page might actually contain relevant tuples.

In practice it is highly unlikely that things will line up like this
(the untruncated prefix of attribute values from the next page's high
key is seldom an exact match for their corresponding array's current
element following array advancement on the original/previous page).
That gives us all the more reason to keep things simple and consistent.

This was arguably an oversight in commit 9a2e2a285a, which improved
nbtree array primitive scan scheduling.

Author: Peter Geoghegan <pg@bowt.ie>
Discussion: https://postgr.es/m/CAH2-WzkXzJajgyW-pCQ7vaDPhaT3huU+Zw_j448rpCBEsu2YOQ@mail.gmail.com

5 months agopg_dumpall: Add --sequence-data.
Nathan Bossart [Wed, 7 May 2025 18:36:51 +0000 (13:36 -0500)]
pg_dumpall: Add --sequence-data.

I recently added this option to pg_dump, but I forgot to add it to
pg_dumpall, too.  There's probably little use for it at the moment,
but we will need it if/when we teach pg_upgrade to use pg_dumpall
to dump the database schemas.

Oversight in commit 9c49f0e8cd.

Reviewed-by: Michael Paquier <michael@paquier.xyz>
Discussion: https://postgr.es/m/aBE8rHFo922xQUwh%40nathan

5 months agoRefactor ChangeVarNodesExtended() using the custom callback
Alexander Korotkov [Wed, 7 May 2025 08:10:16 +0000 (11:10 +0300)]
Refactor ChangeVarNodesExtended() using the custom callback

fc069a3a6319 implemented Self-Join Elimination (SJE) and put related logic
to ChangeVarNodes_walker().  This commit provides refactoring to remove the
SJE-related logic from ChangeVarNodes_walker() but adds a custom callback to
ChangeVarNodesExtended(), which has a chance to process a node before
ChangeVarNodes_walker().  Passing this callback to ChangeVarNodesExtended()
allows SJE-related node handling to be kept within the analyzejoins.c.

Reported-by: Richard Guo <guofenglinux@gmail.com>
Discussion: https://postgr.es/m/CAMbWs49PE3CvnV8vrQ0Dr%3DHqgZZmX0tdNbzVNJxqc8yg-8kDQQ%40mail.gmail.com
Author: Andrei Lepikhov <lepihov@gmail.com>
Author: Alexander Korotkov <aekorotkov@gmail.com>

5 months agodoc: Put some psql documentation pieces back into alphabetical order
Peter Eisentraut [Sun, 4 May 2025 18:38:42 +0000 (20:38 +0200)]
doc: Put some psql documentation pieces back into alphabetical order

5 months agoRemove some tabs in C string literals
Peter Eisentraut [Sun, 4 May 2025 11:04:46 +0000 (13:04 +0200)]
Remove some tabs in C string literals

5 months agodoc: Add link to table
Peter Eisentraut [Sun, 4 May 2025 10:43:10 +0000 (12:43 +0200)]
doc: Add link to table

Formal tables should generally have an xref in the text that points to
them.  Add them here.

5 months agodoc: Fix up spacing around verbatim DocBook elements
Peter Eisentraut [Sun, 4 May 2025 10:39:21 +0000 (12:39 +0200)]
doc: Fix up spacing around verbatim DocBook elements

5 months agoFix some comments related to IO workers
Michael Paquier [Wed, 7 May 2025 05:55:57 +0000 (14:55 +0900)]
Fix some comments related to IO workers

IO workers are treated as auxiliary processes.  The comments fixed in
this commit stated that there could be only one auxiliary process of
each BackendType at the same time.  This is not true for IO workers, as
up to MAX_IO_WORKERS of them can co-exist at the same time.

Author: Cédric Villemain <Cedric.Villemain@data-bene.io>
Co-authored-by: Michael Paquier <michael@paquier.xyz>
Discussion: https://postgr.es/m/e4a3ac45-abce-4b58-a043-b4a31cd11113@Data-Bene.io

5 months agoFix whitespace
Peter Eisentraut [Wed, 7 May 2025 05:01:03 +0000 (07:01 +0200)]
Fix whitespace

5 months agodoc PG 18 relnotes: adjust partition planning item
Bruce Momjian [Wed, 7 May 2025 01:15:44 +0000 (21:15 -0400)]
doc PG 18 relnotes:  adjust partition planning item

Reported-by: David Rowley
Discussion: https://postgr.es/m/CAApHDvqgK7uqPZAwxsfBiFhvBHHB0txaUxhUrdwG4d5Mik_RnA@mail.gmail.com

5 months agodoc PG 18 relnotes: small adjustments regarding options
Bruce Momjian [Tue, 6 May 2025 21:17:46 +0000 (17:17 -0400)]
doc PG 18 relnotes:  small adjustments regarding options

Reported-by: jian he
Discussion: https://postgr.es/m/CACJufxH1jo=hv77AK0HUJYBBMuPmr6+JT+8g-yovuJmHUPGOZQ@mail.gmail.com

5 months agodoc PG 18 relnotes: move partition locking item to General Perf
Bruce Momjian [Tue, 6 May 2025 20:03:56 +0000 (16:03 -0400)]
doc PG 18 relnotes:  move partition locking item to General Perf

Reported-by: Amit Langote
Discussion: https://postgr.es/m/CA+HiwqE+8Pui_NCCC7zgacnet0Cf3tc_vU+P=nhLDES-8xuCUw@mail.gmail.com

5 months agodoc PG 18 relnotes: adjust partition items
Bruce Momjian [Tue, 6 May 2025 19:45:03 +0000 (15:45 -0400)]
doc PG 18 relnotes:  adjust partition items

Reported-by: David Rowley
Discussion: https://postgr.es/m/CAApHDvo+BrVTXMBPjNXBTnAovJWN9+-dYc0kN7rSDqdNvpggZQ@mail.gmail.com

5 months agoStamp 18beta1. REL_18_BETA1
Tom Lane [Mon, 5 May 2025 20:25:46 +0000 (16:25 -0400)]
Stamp 18beta1.

5 months agodoc PG 18 relnotes: reword OAuth item
Bruce Momjian [Mon, 5 May 2025 19:42:03 +0000 (15:42 -0400)]
doc PG 18 relnotes:  reword OAuth item

Reported-by: Jacob Champion
Discussion: https://postgr.es/m/CAOYmi+mEQOqBSJas5V5t__b+6h_MLxyy3JFrVJEq638fnNxi0A@mail.gmail.com

5 months agodoc PG 18 relnotes: add mention of pg_stat_reset_backend_stats()
Bruce Momjian [Mon, 5 May 2025 18:56:58 +0000 (14:56 -0400)]
doc PG 18 relnotes: add mention of pg_stat_reset_backend_stats()

This is for WAL statistics.

Reported-by: Bertrand Drouvot
Discussion: https://postgr.es/m/aBjGlj+Yi++fVRQt@ip-10-97-1-34.eu-west-3.compute.internal

5 months agodoc PG 18 relnotes: adjust hash item
Bruce Momjian [Mon, 5 May 2025 16:30:35 +0000 (12:30 -0400)]
doc PG 18 relnotes:  adjust hash item

Reported-by: David Rowley
Discussion: https://postgr.es/m/CAApHDvrNmGncNgZMh2oBG5K-+4d1LGJgzrz7180OcHRT1VFojw@mail.gmail.com

5 months agodoc PG 18 relnotes: split partition optimizer item into two
Bruce Momjian [Mon, 5 May 2025 15:59:56 +0000 (11:59 -0400)]
doc PG 18 relnotes:  split partition optimizer item into two

Reported-by: David Rowley
Discussion: https://postgr.es/m/CAApHDvohfoJ0D9eiUuVyHU_kq2Y7A_jAjWVsUt0Fm7Gw1Q=1cQ@mail.gmail.com

5 months agoWith GB18030, prevent SIGSEGV from reading past end of allocation.
Noah Misch [Mon, 5 May 2025 11:52:04 +0000 (04:52 -0700)]
With GB18030, prevent SIGSEGV from reading past end of allocation.

With GB18030 as source encoding, applications could crash the server via
SQL functions convert() or convert_from().  Applications themselves
could crash after passing unterminated GB18030 input to libpq functions
PQescapeLiteral(), PQescapeIdentifier(), PQescapeStringConn(), or
PQescapeString().  Extension code could crash by passing unterminated
GB18030 input to jsonapi.h functions.  All those functions have been
intended to handle untrusted, unterminated input safely.

A crash required allocating the input such that the last byte of the
allocation was the last byte of a virtual memory page.  Some malloc()
implementations take measures against that, making the SIGSEGV hard to
reach.  Back-patch to v13 (all supported versions).

Author: Noah Misch <noah@leadboat.com>
Author: Andres Freund <andres@anarazel.de>
Reviewed-by: Masahiko Sawada <sawada.mshk@gmail.com>
Backpatch-through: 13
Security: CVE-2025-4207

5 months agoRefactor test_escape.c for additional ways of testing.
Noah Misch [Mon, 5 May 2025 11:52:04 +0000 (04:52 -0700)]
Refactor test_escape.c for additional ways of testing.

Start the file with static functions not specific to pe_test_vectors
tests.  This way, new tests can use them without disrupting the file's
layout.  Change report_result() PQExpBuffer arguments to plain strings.
Back-patch to v13 (all supported versions), for the next commit.

Reviewed-by: Masahiko Sawada <sawada.mshk@gmail.com>
Backpatch-through: 13
Security: CVE-2025-4207

5 months agoTranslation updates
Peter Eisentraut [Mon, 5 May 2025 10:04:49 +0000 (12:04 +0200)]
Translation updates

Source-Git-URL: https://git.postgresql.org/git/pgtranslation/messages.git
Source-Git-Hash: f90ee4803c30491e5c49996b973b8a30de47bfb2

5 months agodoc PG 18 relnotes: adjust COPY and REJECT_LIMIT items
Bruce Momjian [Mon, 5 May 2025 02:37:20 +0000 (22:37 -0400)]
doc PG 18 relnotes:  adjust COPY and REJECT_LIMIT items

Reported-by: Atsushi Torikoshi
Discussion: https://postgr.es/m/CAM6-o=CEF6tKAjtGMEOd45YySwNRXPu8d_zyYq=fhnia9hOU6Q@mail.gmail.com

5 months agodoc PG 18 relnotes: move and clarify constraint items
Bruce Momjian [Mon, 5 May 2025 02:08:20 +0000 (22:08 -0400)]
doc PG 18 relnotes:  move and clarify constraint items

Reported-by: Álvaro Herrera
Discussion: https://postgr.es/m/202505041135.cpo7zgdcya2u@alvherre.pgsql

5 months agodoc PG 18 relnotes: add commit for cancel key and protocol neg.
Bruce Momjian [Mon, 5 May 2025 01:44:39 +0000 (21:44 -0400)]
doc PG 18 relnotes:  add commit for cancel key and protocol neg.

Reported-by: Jelte Fennema-Nio
Discussion: https://postgr.es/m/CAGECzQQehQrhkNNXvLiBgE3odBbTPG=9PzV8F4Oqq3kOorK0Sw@mail.gmail.com

5 months agodoc PG 18 relnotes: fix libpq wording
Bruce Momjian [Sat, 3 May 2025 22:49:40 +0000 (18:49 -0400)]
doc PG 18 relnotes: fix libpq wording

Reported-by: Jelte Fennema-Nio
Discussion: https://postgr.es/m/CAGECzQT4804OLOP+nDBxDpMw3Soq=g+fKOE7NryBHggy4GgEcg@mail.gmail.com

5 months agoRevert "Refactor ChangeVarNodesExtended() using the custom callback"
Alexander Korotkov [Sat, 3 May 2025 19:42:05 +0000 (22:42 +0300)]
Revert "Refactor ChangeVarNodesExtended() using the custom callback"

This reverts commit 250a718aadad68793e82103282247556a46a3cfc.
It shouldn't be pushed during the release freeze.

Reported-by: Tom Lane
Discussion: https://postgr.es/m/E1uBIbY-000owH-0O%40gemulon.postgresql.org

5 months agoRefactor ChangeVarNodesExtended() using the custom callback
Alexander Korotkov [Sat, 3 May 2025 19:30:52 +0000 (22:30 +0300)]
Refactor ChangeVarNodesExtended() using the custom callback

fc069a3a6319 implemented Self-Join Elimination (SJE) and put related logic
to ChangeVarNodes_walker().  This commit provides refactoring to remove the
SJE-related logic from ChangeVarNodes_walker() but adds a custom callback to
ChangeVarNodesExtended(), which has a chance to process a node before
ChangeVarNodes_walker().  Passing this callback to ChangeVarNodesExtended()
allows SJE-related node handling to be kept within the analyzejoins.c.

Reported-by: Richard Guo <guofenglinux@gmail.com>
Discussion: https://postgr.es/m/CAMbWs49PE3CvnV8vrQ0Dr%3DHqgZZmX0tdNbzVNJxqc8yg-8kDQQ%40mail.gmail.com
Author: Andrei Lepikhov <lepihov@gmail.com>
Author: Alexander Korotkov <aekorotkov@gmail.com>

5 months agodoc: update guidelines on non-ASCII characters in docs
Bruce Momjian [Sat, 3 May 2025 18:45:26 +0000 (14:45 -0400)]
doc:  update guidelines on non-ASCII characters in docs

5 months agodoc PG 18 relnotes: add GROUP BY column elimination item
Bruce Momjian [Sat, 3 May 2025 16:57:18 +0000 (12:57 -0400)]
doc PG 18 relnotes:  add GROUP BY column elimination item

With a nod to PG 9.6.

Reported-by: jian he
Discussion: https://postgr.es/m/CACJufxEqs=EXZETwtaOooTFhZrtxvSWg8M2uPfzjNtS3wQ6Dzw@mail.gmail.com

5 months agodoc PG 18 relnotes: move protocol version item to "server"
Bruce Momjian [Sat, 3 May 2025 16:19:31 +0000 (12:19 -0400)]
doc PG 18 relnotes:  move protocol version item to "server"

Reported-by: Jelte Fennema-Nio
Discussion: https://postgr.es/m/CAGECzQSTBgTsDJPxOHWKo7106-YnnYQGzpzNJdis+xTKGUhu2g@mail.gmail.com

5 months agoFix memory allocation/copy mistakes.
Etsuro Fujita [Sat, 3 May 2025 11:00:00 +0000 (20:00 +0900)]
Fix memory allocation/copy mistakes.

The previous code was allocating more memory and copying more data than
necessary because it specified the wrong PgStat_KindInfo member as the
size argument for MemoryContextAlloc and memcpy, respectively.

Although these issues exist since 5891c7a8e, there have been no reports
from the field.  So for now, it seems sufficient to fix them in master.

Author: Etsuro Fujita <etsuro.fujita@gmail.com>
Reviewed-by: Heikki Linnakangas <hlinnaka@iki.fi>
Reviewed-by: Gurjeet Singh <gurjeet@singh.im>
Discussion: https://postgr.es/m/CAPmGK15eTRCZTnfgQ4EuBNo%3DQLYGFEbXS_7m2dXqtkcT7L8qrQ%40mail.gmail.com

5 months agoFix typos in comments.
Etsuro Fujita [Sat, 3 May 2025 10:10:00 +0000 (19:10 +0900)]
Fix typos in comments.

Also adjust the phrasing in the comments.

Author: Etsuro Fujita <etsuro.fujita@gmail.com>
Author: Heikki Linnakangas <hlinnaka@iki.fi>
Reviewed-by: Tender Wang <tndrwang@gmail.com>
Reviewed-by: Gurjeet Singh <gurjeet@singh.im>
Reviewed-by: Michael Paquier <michael@paquier.xyz>
Discussion: https://postgr.es/m/CAPmGK17%3DPHSDZ%2B0G6jcj12buyyE1bQQc3sbp1Wxri7tODT-SDw%40mail.gmail.com
Backpatch-through: 15

5 months agodoc PG 18 relnotes: update chapter tags for recent commit
Bruce Momjian [Sat, 3 May 2025 00:10:10 +0000 (20:10 -0400)]
doc PG 18 relnotes:  update chapter tags for recent commit

5 months agodoc PG 18 relnotes: adjust libpq trace & potocol version items
Bruce Momjian [Sat, 3 May 2025 00:09:12 +0000 (20:09 -0400)]
doc PG 18 relnotes:  adjust libpq trace & potocol version items

Reported-by: Jelte Fennema-Nio
Discussion: https://postgr.es/m/CAGECzQQj0r_JX38fa-_kepp9UaMzCcujRAYaJG2+fPks1b8MVg@mail.gmail.com

5 months agodoc PG 18 relnotes: reword and reorder items
Bruce Momjian [Fri, 2 May 2025 23:58:54 +0000 (19:58 -0400)]
doc PG 18 relnotes:  reword and reorder items

Also move ssl_groups to a more appropriate section.

Reported-by: Jacob Champion (ssl_groups item)
Discussion: https://postgr.es/m/CAOYmi+k_zpGaDOrwV46_j-O-a_hSWxcXM6h8vccq45Y28deP-g@mail.gmail.com

5 months agoAvoid treating nonrequired nbtree keys as required.
Peter Geoghegan [Fri, 2 May 2025 21:50:58 +0000 (17:50 -0400)]
Avoid treating nonrequired nbtree keys as required.

Consistently prevent nbtree array advancement from treating a scankey as
required when operating in pstate.forcenonrequired mode.  Otherwise, we
risk a NULL pointer dereference.  This was possible in the path where
_bt_check_compare is called to recheck a tuple that advanced all of the
scan's arrays to matching values: its continuescan=false handling
expects _bt_advance_array_keys to have been called with a valid pstate,
but it'll always be NULL during sktrig_required=false calls (which is
how _bt_advance_array_keys must be called when pstate.forcenonrequired).

Oversight in commit 8a510275, which optimized nbtree search scan key
comparisons.

Author: Peter Geoghegan <pg@bowt.ie>
Reported-By: Mark Dilger <mark.dilger@enterprisedb.com>
Discussion: https://postgr.es/m/CAHgHdKsn2W=gPBmj7p6MjQFvxB+zZDBkwTSg0o3f5Hh8rkRrsA@mail.gmail.com
Discussion: https://postgr.es/m/CAH2-WzmodSE+gpTd1CRGU9ez8ytyyDS+Kns2r9NzgUp1s56kpw@mail.gmail.com

5 months agoFix memory leak in _gin_parallel_merge
Tomas Vondra [Fri, 2 May 2025 21:04:39 +0000 (23:04 +0200)]
Fix memory leak in _gin_parallel_merge

To insert the merged GIN entries in _gin_parallel_merge, the leader
calls ginEntryInsert(). This may allocate memory, e.g. for a new leaf
tuple. This was allocated in the PortalContext, and kept until the end
of the index build. For most GIN indexes the amount of leaked memory is
negligible, but for custom opclasses with large keys it may cause OOMs.

Fixed by calling ginEntryInsert() in a temporary memory context, reset
after each insert. Other ginEntryInsert() callers do this too, except
that the context is reset after batches of inserts. More frequent resets
don't seem to hurt performance, it may even help it a bit.

Report and fix by Vinod Sridharan.

Author: Vinod Sridharan <vsridh90@gmail.com>
Reviewed-by: Tomas Vondra <tomas@vondra.me>
Discussion: https://postgr.es/m/CAFMdLD4p0VBd8JG=Nbi=BKv6rzFAiGJ_sXSFrw-2tNmNZFO5Kg@mail.gmail.com

5 months agoDon't use a tuplestore if we don't have to for SQL-language functions.
Tom Lane [Fri, 2 May 2025 20:16:20 +0000 (16:16 -0400)]
Don't use a tuplestore if we don't have to for SQL-language functions.

We only need a tuplestore if we're actually going to accumulate
multiple result tuples.  Obviously then we don't need one for non-set-
returning functions; but even a SRF doesn't need one if we decide to
use "lazyEval" (one row at a time) mode.  In these cases, it's
sufficient to use the junkfilter's result slot to hold the single row
that's due to be returned.  We just need to "materialize" that slot
to ensure it holds onto the data past shutdown of the sub-executor.

The original intent of this patch was partially to save a few cycles
(by not putting tuples into a tuplestore only to pull them back out
immediately), but mostly to ensure that we don't use a tuplestore
in non-set-returning functions.  That's because I had concerns
about whether a tuplestore is safe to keep across queries,
which was possible for functions invoked via long-lived FmgrInfos
such as those kept in the typcache.  There are no cases where SRFs
are called that way, so getting rid of the tuplestore in non-SRFs
should make things safer.

However, it emerges that running fmgr_sql in a short-lived context
(as 595d1efed made it do) makes the existing coding unsafe anyway:
we can end up with a long-lived TupleTableSlot holding a freeable
reference to a short-lived tuple, resulting in a double-free crash.
Not trying to pull tuples out of the tuplestore using that slot
dodges the problem, so I'm going to commit this now rather than
invent a band-aid solution for v18.

Reported-by: Alexander Lakhin <exclusion@gmail.com>
Author: Tom Lane <tgl@sss.pgh.pa.us>
Discussion: https://postgr.es/m/2443532.1744919968@sss.pgh.pa.us
Discussion: https://postgr.es/m/9f975803-1a1c-4f21-b987-f572e110e860@gmail.com

5 months agoHandle self-referencing FKs correctly in partitioned tables
Álvaro Herrera [Fri, 2 May 2025 19:25:50 +0000 (21:25 +0200)]
Handle self-referencing FKs correctly in partitioned tables

For self-referencing foreign keys in partitioned tables, we weren't
handling creation of pg_constraint rows during CREATE TABLE PARTITION AS
as well as ALTER TABLE ATTACH PARTITION.  This is an old bug -- mostly,
we broke this in 614a406b4ff1 while trying to fix it (so 12.13, 13.9,
14.6 and 15.0 and up all behave incorrectly).  This commit reverts part
of that with additional fixes for full correctness, and installs more
tests to verify the parts we broke, not just the catalog contents but
also the user-visible behavior.

Backpatch to all live branches.  In branches 13 and 14, commit
46a8c27a7226 changed the behavior during DETACH to drop a FK
constraint rather than trying to repair it, because the complete fix of
repairing catalog constraints was problematic due to lack of previous
fixes.  For this reason, the test behavior in those branches is a bit
different.  However, as best as I can tell, the fix works correctly
there.

In release notes we have to recommend that all self-referencing foreign
keys on partitioned tables be recreated if partitions have been created
or attached after the FK was created, keeping in mind that violating
rows might already be present on the referencing side.

Reported-by: Guillaume Lelarge <guillaume@lelarge.info>
Reported-by: Matthew Gabeler-Lee <fastcat@gmail.com>
Reported-by: Luca Vallisa <luca.vallisa@gmail.com>
Discussion: https://postgr.es/m/CAECtzeWHCA+6tTcm2Oh2+g7fURUJpLZb-=pRXgeWJ-Pi+VU=_w@mail.gmail.com
Discussion: https://postgr.es/m/18156-a44bc7096f0683e6@postgresql.org
Discussion: https://postgr.es/m/CAAT=myvsiF-Attja5DcWoUWh21R12R-sfXECY2-3ynt8kaOqjw@mail.gmail.com

5 months agoDoc: correct spelling of meson switch.
Tom Lane [Fri, 2 May 2025 19:12:49 +0000 (15:12 -0400)]
Doc: correct spelling of meson switch.

It's --auto-features not --auto_features.

Reported-by: Egor Chindyaskin <kyzevan23@mail.ru>
Discussion: https://postgr.es/m/172465652540.862882.17808523044292761256@wrigleys.postgresql.org
Discussion: https://postgr.es/m/1979661.1746212726@sss.pgh.pa.us
Backpatch-through: 16

5 months agooauth: Correct SSL dependency for libpq-oauth.a
Jacob Champion [Fri, 2 May 2025 17:45:12 +0000 (10:45 -0700)]
oauth: Correct SSL dependency for libpq-oauth.a

libpq-oauth.a includes libpq-int.h, which includes OpenSSL headers. The
Autoconf side picks up the necessary include directories via CPPFLAGS,
but Meson needs the dependency to be made explicit.

Reported-by: Nathan Bossart <nathandbossart@gmail.com>
Tested-by: Nathan Bossart <nathandbossart@gmail.com>
Tested-by: Tom Lane <tgl@sss.pgh.pa.us>
Discussion: https://postgr.es/m/aBTgjDfrdOZmaPgv%40nathan

5 months agoMake "directory" setting work with extension_control_path
Peter Eisentraut [Fri, 2 May 2025 14:25:40 +0000 (16:25 +0200)]
Make "directory" setting work with extension_control_path

The extension_control_path setting (commit 4f7f7b03758) did not
support extensions that set a custom "directory" setting in their
control file.  Very few extensions use that and during the discussion
on the previous commit it was suggested to maybe remove that
functionality.  But a fix was easier than initially thought, so this
just adds that support.  The fix is to use the control->control_dir as
a share dir to return the path of the extension script files.

To make this work more sensibly overall, the directory suffix
"extension" is no longer to be included in the extension_control_path
value.  To quote the patch, it would be

-extension_control_path = '/usr/local/share/postgresql/extension:/home/my_project/share/extension:$system'
+extension_control_path = '/usr/local/share/postgresql:/home/my_project/share:$system'

During the initial patch, there was some discussion on which of these
two approaches would be better, and the committed patch was a 50/50
decision.  But the support for the "directory" setting pushed it the
other way, and also it seems like many people didn't like the previous
behavior much.

Author: Matheus Alcantara <mths.dev@pm.me>
Reviewed-by: Christoph Berg <myon@debian.org>
Reviewed-by: David E. Wheeler <david@justatheory.com>
Discussion: https://www.postgresql.org/message-id/flat/aAi1VACxhjMhjFnb%40msg.df7cb.de#0cdf7b7d727cc593b029650daa3c4fbc

5 months agodoc: first draft of the PG 18 release notes
Bruce Momjian [Fri, 2 May 2025 02:36:58 +0000 (22:36 -0400)]
doc:  first draft of the PG 18 release notes

5 months agoDoc: stop implying recommendation of insecure search_path value.
Noah Misch [Thu, 1 May 2025 23:51:59 +0000 (16:51 -0700)]
Doc: stop implying recommendation of insecure search_path value.

SQL "SET search_path = 'pg_catalog, pg_temp'" is silently equivalent to
"SET search_path = pg_temp, pg_catalog, "pg_catalog, pg_temp"" instead
of the intended "SET search_path = pg_catalog, pg_temp".  (The intent
was a two-element search path.  With the single quotes, it instead
specifies one element with a comma and a space in the middle of the
element.)  In addition to the SET statement, this affects SET clauses of
CREATE FUNCTION, ALTER ROLE, and ALTER DATABASE.  It does not affect the
set_config() SQL function.

Though the documentation did not show an insecure command, remove single
quotes that could entice a reader to write an insecure command.
Back-patch to v13 (all supported versions).

Reported-by: Sven Klemm <sven@timescale.com>
Author: Sven Klemm <sven@timescale.com>
Backpatch-through: 13

5 months agodoc: Flesh out extension docs for the "prefix" make variable
Peter Eisentraut [Thu, 1 May 2025 20:10:36 +0000 (22:10 +0200)]
doc: Flesh out extension docs for the "prefix" make variable

The variable is a bit magical in how it requires "postgresql" or
"pgsql" to be part of the path, and files end up in its "share" and
"lib" subdirectories.  So mention all that and show an example of
setting "extension_control_path" and "dynamic_library_path" to use
those locations.

Author: David E. Wheeler <david@justatheory.com>
Reviewed-by: Matheus Alcantara <matheusssilv97@gmail.com>
Reviewed-by: Christoph Berg <myon@debian.org>
Discussion: https://www.postgresql.org/message-id/6B5BF07B-8A21-48E3-858C-1DC22F3A28B4@justatheory.com

5 months agooauth: Fix Autoconf build on macOS
Jacob Champion [Thu, 1 May 2025 19:35:52 +0000 (12:35 -0700)]
oauth: Fix Autoconf build on macOS

Oversight in b0635bfda. -lintl is necessary for gettext on Mac, which
libpq-oauth depends on via pgport/pgcommon. (I'd incorrectly removed
this change from an earlier version of the patch, where it was suggested
by Peter Eisentraut.)

Per buildfarm member indri.

5 months agooauth: Move the builtin flow into a separate module
Jacob Champion [Thu, 1 May 2025 16:14:30 +0000 (09:14 -0700)]
oauth: Move the builtin flow into a separate module

The additional packaging footprint of the OAuth Curl dependency, as well
as the existence of libcurl in the address space even if OAuth isn't
ever used by a client, has raised some concerns. Split off this
dependency into a separate loadable module called libpq-oauth.

When configured using --with-libcurl, libpq.so searches for this new
module via dlopen(). End users may choose not to install the libpq-oauth
module, in which case the default flow is disabled.

For static applications using libpq.a, the libpq-oauth staticlib is a
mandatory link-time dependency for --with-libcurl builds. libpq.pc has
been updated accordingly.

The default flow relies on some libpq internals. Some of these can be
safely duplicated (such as the SIGPIPE handlers), but others need to be
shared between libpq and libpq-oauth for thread-safety. To avoid
exporting these internals to all libpq clients forever, these
dependencies are instead injected from the libpq side via an
initialization function. This also lets libpq communicate the offsets of
PGconn struct members to libpq-oauth, so that we can function without
crashing if the module on the search path came from a different build of
Postgres. (A minor-version upgrade could swap the libpq-oauth module out
from under a long-running libpq client before it does its first load of
the OAuth flow.)

This ABI is considered "private". The module has no SONAME or version
symlinks, and it's named libpq-oauth-<major>.so to avoid mixing and
matching across Postgres versions. (Future improvements may promote this
"OAuth flow plugin" to a first-class concept, at which point we would
need a public API to replace this anyway.)

Additionally, NLS support for error messages in b3f0be788a was
incomplete, because the new error macros weren't being scanned by
xgettext. Fix that now.

Per request from Tom Lane and Bruce Momjian. Based on an initial patch
by Daniel Gustafsson, who also contributed docs changes. The "bare"
dlopen() concept came from Thomas Munro. Many people reviewed the design
and implementation; thank you!

Co-authored-by: Daniel Gustafsson <daniel@yesql.se>
Reviewed-by: Andres Freund <andres@anarazel.de>
Reviewed-by: Christoph Berg <myon@debian.org>
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
Reviewed-by: Jelte Fennema-Nio <postgres@jeltef.nl>
Reviewed-by: Peter Eisentraut <peter@eisentraut.org>
Reviewed-by: Wolfgang Walther <walther@technowledgy.de>
Discussion: https://postgr.es/m/641687.1742360249%40sss.pgh.pa.us

5 months agoRemove extra "not" in pg_upgrade documentation.
Nathan Bossart [Thu, 1 May 2025 14:31:36 +0000 (09:31 -0500)]
Remove extra "not" in pg_upgrade documentation.

Oversight in commit cb45dc3afb.

Reported-by: Erik Rijkers <er@xs4all.nl>
Reviewed-by: Fujii Masao <masao.fujii@oss.nttdata.com>
Discussion: https://postgr.es/m/7b856277-62ad-80f0-36e1-a134ec3c9cab%40xs4all.nl

5 months agodoc: Warn that ts_headline() output is not HTML-safe.
Dean Rasheed [Thu, 1 May 2025 10:03:43 +0000 (11:03 +0100)]
doc: Warn that ts_headline() output is not HTML-safe.

Add a documentation warning to ts_headline() pointing out that, when
working with untrusted input documents, the output is not guaranteed
to be safe for direct inclusion in web pages. This is because, while
it does remove some XML tags from the input, it doesn't remove all
HTML markup, and so the result may be unsafe (e.g., it might permit
XSS attacks).

To guard against that, all HTML markup should be removed from the
input, making it plain text, or the output should be passed through an
HTML sanitizer.

In addition, document precisely what the default text search parser
recognises as valid XML tags, since that's what determines which XML
tags ts_headline() will remove.

Reported-by: Richard Neill <richard.neill@telos.digital>
Author: Dean Rasheed <dean.a.rasheed@gmail.com>
Reviewed-by: Noah Misch <noah@leadboat.com>
Backpatch-through: 13

5 months agodoc: Improve explanations when a table rewrite is needed
Peter Eisentraut [Thu, 1 May 2025 06:56:43 +0000 (08:56 +0200)]
doc: Improve explanations when a table rewrite is needed

Further improvement for commit 11bd8318602.  That commit confused
identity and generated columns; fix that.  Also, virtual generated
columns have since been added; add more details about that.  Also some
small rewordings and reformattings to further improve clarity.

Reviewed-by: Robert Treat <rob@xzilla.net>
Discussion: https://postgr.es/m/00e6eb5f5c793b8ef722252c7a519c9a@oss.nttdata.com

5 months agoAdjust overstrong nbtree skip array assertion.
Peter Geoghegan [Thu, 1 May 2025 03:15:51 +0000 (23:15 -0400)]
Adjust overstrong nbtree skip array assertion.

Make an nbtree array preprocessing assertion account for scans that add
fewer skip arrays than initially expected due to preprocessing finding
an unsatisfiable array qual.

Oversight in commit 92fe23d9.

Author: Peter Geoghegan <pg@bowt.ie>
Reported-By: Mark Dilger <mark.dilger@enterprisedb.com>
Discussion: https://postgr.es/m/CAHgHdKtQMhHy5qcB3KqCcGiW-Rp8P7KzUFRa9ZMKUiv6zen7LQ@mail.gmail.com

5 months agodoc: Mention cost-based delays for total_[auto]{vacuum,analyze}_time
Michael Paquier [Wed, 30 Apr 2025 23:52:19 +0000 (08:52 +0900)]
doc: Mention cost-based delays for total_[auto]{vacuum,analyze}_time

30a6ed0ce4b has added four attributes to pg_stat_all_tables to track the
cumulative time spent in [auto]vacuum and [auto]analyze.  It was not
mentioned that the vacuum cost-based delays are included in these
numbers, which could be confusing now that the delays are included in
the vacuum progress view (bb8dff9995f2).

This commit adds an extra note about this matter.

Reported-by: Magnus Hagander <magnus@hagander.net>
Author: Bertrand Drouvot <bertranddrouvot.pg@gmail.com>
Discussion: https://postgr.es/m/CABUevEz9v1ZNToPyD98JnWDGZgG=SmPZKkSNzU9hXQ-nGTQF0g@mail.gmail.com

5 months agoConvert strncpy to strlcpy
Daniel Gustafsson [Wed, 30 Apr 2025 21:00:47 +0000 (23:00 +0200)]
Convert strncpy to strlcpy

We try to avoid using strncpy() due to the ease of which it can
be misused.  Convert this callsite to use strlcpy() instead to
match similar codepaths in this file.

Suggested-by: Peter Eisentraut <peter@eisentraut.org>
Discussion: https://postgr.es/m/2a796830-de2d-4030-b480-d673f6cc5d94@eisentraut.org

5 months agodoc: Add missing reference to track_cost_delay_timing.
Nathan Bossart [Wed, 30 Apr 2025 19:45:54 +0000 (14:45 -0500)]
doc: Add missing reference to track_cost_delay_timing.

Oversight in commit bb8dff9995.

5 months agovacuumdb: Don't skip empty relations in --missing-stats-only mode.
Nathan Bossart [Wed, 30 Apr 2025 19:12:59 +0000 (14:12 -0500)]
vacuumdb: Don't skip empty relations in --missing-stats-only mode.

Presently, --missing-stats-only skips relations with reltuples set
to 0 because empty relations don't get optimizer statistics.
However, before v14, a reltuples value of 0 was ambiguous: it could
either mean the relation is empty, or it could mean that it hadn't
yet been vacuumed or analyzed.  (Commit 3d351d916b taught v14 and
newer to use -1 for the latter case.)  This ambiguity can cause
--missing-stats-only to inadvertently skip relations that need
optimizer statistics after upgrades to v18 and newer (since
reltuples is now transferred from the old cluster).

To fix, simply remove the check for reltuples != 0.  This will
cause --missing-stats-only to analyze some empty tables, but that
doesn't seem too terrible a trade-off.

Reported-by: Christoph Berg <myon@debian.org>
Reviewed-by: Christoph Berg <myon@debian.org>
Discussion: https://postgr.es/m/aAjyvW5_fRGNr7yF%40msg.df7cb.de

5 months agoFurther adjust guidance for running vacuumdb after pg_upgrade.
Nathan Bossart [Wed, 30 Apr 2025 19:12:59 +0000 (14:12 -0500)]
Further adjust guidance for running vacuumdb after pg_upgrade.

Since pg_upgrade does not transfer the cumulative statistics used
to trigger autovacuum and autoanalyze, the server may take much
longer than expected to process them post-upgrade.  Currently, we
recommend analyzing only relations for which optimizer statistics
were not transferred by using the --analyze-in-stages and
--missing-stats-only options.  This commit appends another
recommendation to analyze all relations to update the relevant
cumulative statistics by using the --analyze-only option.  This is
similar to the recommendation for pg_stat_reset().

Reported-by: Christoph Berg <myon@debian.org>
Reviewed-by: Christoph Berg <myon@debian.org>
Discussion: https://postgr.es/m/aAfxfKC82B9NvJDj%40msg.df7cb.de

5 months agodoc: Alphabetize long options for pg_dump[all].
Nathan Bossart [Wed, 30 Apr 2025 18:07:51 +0000 (13:07 -0500)]
doc: Alphabetize long options for pg_dump[all].

The current ordering strategy for these pages is to list the short
options in alphabetical order followed by the long options in
alphabetical order.  If an option has both a short variant and a
long variant, the short variant takes precedence.  This commit
moves a few recently added options to match this style.  We should
probably adjust all pages and --help output to list the long and
short options in one combined alphabetical list (with the long
variants taking precedence), but that is a much larger change, so
it is left as a future exercise.

Oversights in commits a5cf808be51fd1bd8710, and bde2fb797a.

Reviewed-by: Álvaro Herrera <alvherre@kurilemu.de>
Reviewed-by: Peter Eisentraut <peter@eisentraut.org>
Discussion: https://postgr.es/m/aBFBtsltgu3-IU1d%40nathan

5 months agoUpdate time zone data files to tzdata release 2025b.
Tom Lane [Wed, 30 Apr 2025 15:13:49 +0000 (11:13 -0400)]
Update time zone data files to tzdata release 2025b.

DST law changes in Chile: there is a new time zone America/Coyhaique
for Chile's Aysén Region, to account for it changing to UTC-03
year-round and thus diverging from America/Santiago.

Historical corrections for Iran.

Backpatch-through: 13

5 months agoTypo and doc fixups for memory context reporting
Daniel Gustafsson [Wed, 30 Apr 2025 09:10:27 +0000 (11:10 +0200)]
Typo and doc fixups for memory context reporting

This fixes comment and docs typos as well as a small documentation
change to make it clearer.  Found via post-commit review.

Author: Rahila Syed <rahilasyed90@gmail.com>
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
Discussion: https://postgr.es/m/CAH2L28vt16C9xTuK+K7QZvtA3kCNWXOEiT=gEekUw3Xxp9LVQw@mail.gmail.com

5 months agoAdd missing string terminator
Daniel Gustafsson [Wed, 30 Apr 2025 08:34:08 +0000 (10:34 +0200)]
Add missing string terminator

When copying the string strncpy won't add nul termination since
the string length is equal to the length specified.  Explicitly
set a nul terminator after copying to properly terminate. Found
via post-commit review.

Author: Rahila Syed <rahilasyed90@gmail.com>
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
Discussion: https://postgr.es/m/CAH2L28vt16C9xTuK+K7QZvtA3kCNWXOEiT=gEekUw3Xxp9LVQw@mail.gmail.com

5 months agoAdd 918e7287e to .git-blame-ignore-revs
David Rowley [Wed, 30 Apr 2025 07:27:56 +0000 (19:27 +1200)]
Add 918e7287e to .git-blame-ignore-revs

5 months agoFix broken indentation
David Rowley [Wed, 30 Apr 2025 07:18:30 +0000 (19:18 +1200)]
Fix broken indentation

I forgot to run pgindent in d8555e522.

Reported-by: Fujii Masao <masao.fujii@oss.nttdata.com>
Discussion: https://postgr.es/m/156083c9-eac0-418d-9667-92dec4d6d6cd@oss.nttdata.com

5 months agoFix a couple of comment typos
David Rowley [Wed, 30 Apr 2025 01:40:46 +0000 (13:40 +1200)]
Fix a couple of comment typos

Author: Junwang Zhao <zhjwpku@gmail.com>
Discussion: https://postgr.es/m/CAEG8a3+MRwDKc4YSFKKPKq7Y+vMufVC5u94wM5KZPB2CbgCxnQ@mail.gmail.com

5 months agoGive up on running with NetBSD/OpenBSD's default semaphore settings.
Tom Lane [Tue, 29 Apr 2025 21:27:52 +0000 (17:27 -0400)]
Give up on running with NetBSD/OpenBSD's default semaphore settings.

This reverts commit 38da053463bef32adf563ddee5277d16d2b6c5af, which
attempted to preserve our ability to start with only 60 semaphores.

Subsequent changes (particularly 55b454d0e) have put that idea pretty
much permanently out of reach: people wishing to use Postgres v18 on
OpenBSD or NetBSD will have no choice but to increase those platforms'
default values of SEMMNI and SEMMNS.

Hence, revert 38da05346's changes in SEMAS_PER_SET and the minimum
tested value of max_connections.  Adjust a comment from the subsequent
patch 6d0154196, and tweak the wording in runtime.sgml to make it
clear that changing SEMMNI/SEMMNS is no longer even a little bit
optional on these platforms.

Although 38da05346 was later back-patched into v17, leave that branch
alone: it's still capable of starting with 60 semaphores, and there's
no reason to break that.

Author: Tom Lane <tgl@sss.pgh.pa.us>
Reviewed-by: Nathan Bossart <nathandbossart@gmail.com>
Discussion: https://postgr.es/m/E1tuZNv-0037Gs-34@gemulon.postgresql.org
Discussion: https://postgr.es/m/1052019.1745947915@sss.pgh.pa.us

5 months agooauth: Classify oauth_client_secret as a password
Jacob Champion [Tue, 29 Apr 2025 20:08:55 +0000 (13:08 -0700)]
oauth: Classify oauth_client_secret as a password

Tell UIs to hide the value of oauth_client_secret, like the other
passwords. Due to the previous commit, this does not affect postgres_fdw
and dblink, but add a comment to try to warn others of the hazard in the
future.

Reported-by: Noah Misch <noah@leadboat.com>
Reviewed-by: Noah Misch <noah@leadboat.com>
Discussion: https://postgr.es/m/20250415191435.55.nmisch%40google.com

5 months agooauth: Disallow OAuth connections via postgres_fdw/dblink
Jacob Champion [Tue, 29 Apr 2025 20:08:24 +0000 (13:08 -0700)]
oauth: Disallow OAuth connections via postgres_fdw/dblink

A subsequent commit will reclassify oauth_client_secret from dispchar=""
to dispchar="*", so that UIs will treat it like a secret. For our FDWs,
this change will move that option from SERVER to USER MAPPING, which we
need to avoid.

But upon further discussion, we don't really want our FDWs to use our
builtin Device Authorization flow at all, for several reasons:

- the URL and code would be printed to the server logs, not sent over
  the client connection
- tokens are not cached/refreshed, so every single connection has to be
  manually authorized by a user with a browser
- oauth_client_secret needs to belong to the foreign server, but options
  on SERVER are publicly accessible
- all non-superusers would need password_required=false, which is
  dangerous

Future OAuth work can use FDWs as a motivating use case. But for now,
disallow all oauth_* connection options for these two extensions.

Reviewed-by: Noah Misch <noah@leadboat.com>
Discussion: https://postgr.es/m/20250415191435.55.nmisch%40google.com

5 months agoBump the minimum supported Python version to 3.6.8
Jacob Champion [Tue, 29 Apr 2025 20:04:19 +0000 (13:04 -0700)]
Bump the minimum supported Python version to 3.6.8

Python 3.2 is no longer tested by the buildfarm, and there are only a
handful of buildfarm animals running versions older than 3.6, which
itself went end-of-life in 2021. Python 3.6.8 is the default version
shipped in RHEL8, so that seems like a reasonable baseline for PG18.

Now that we use the Python Limited API as of 0793ab810, older versions
of Python should continue functioning for users of PL/Python in
particular, so soften the language from "required" to "supported".

Wording by Tom Lane. Separate from the review of the patch itself,
several people provided input on the choice of cutoff: Christoph Berg,
Devrim Gündüz, Florents Tselai, Jelte Fennema-Nio, and Renan Alves
Fonseca. Thank you!

Suggested-by: Tom Lane <tgl@sss.pgh.pa.us>
Reviewed-by: Peter Eisentraut <peter@eisentraut.org>
Discussion: https://postgr.es/m/16098.1745079444%40sss.pgh.pa.us

5 months agoFix whitespace typo in string
Peter Eisentraut [Tue, 29 Apr 2025 17:08:40 +0000 (19:08 +0200)]
Fix whitespace typo in string

5 months agoinitdb: Do not report default autovacuum_worker_slots.
Nathan Bossart [Tue, 29 Apr 2025 16:41:42 +0000 (11:41 -0500)]
initdb: Do not report default autovacuum_worker_slots.

Commit 6d01541960 taught initdb to lower the default value of
autovacuum_worker_slots for systems with very few semaphores.  It
also added a "fake" report for the chosen value, i.e., initdb
prints a message about selecting the default, but the value was
already selected in a previous test.  Per discussion, this is not a
precedent we want to set, and it seems unnecessary to report
everything derived from max_connections, so let's remove the "fake"
report.

Reported-by: Peter Eisentraut <peter@eisentraut.org>
Suggested-by: Tom Lane <tgl@sss.pgh.pa.us>
Discussion: https://postgr.es/m/de722583-4ba4-4063-bc41-e20684978116%40eisentraut.org

5 months agodoc: adjust max_files_per_process again
Bruce Momjian [Tue, 29 Apr 2025 14:30:08 +0000 (10:30 -0400)]
doc:  adjust max_files_per_process again

Reported-by: Andres Freund
Discussion: https://postgr.es/m/5yqochswkulckuzzrwgv2nqdrfh4k4coc4uwq4lvgzkfwnbjbd@46igbiwjabn2

5 months agodoc: clarify new behavior of max_files_per_process
Bruce Momjian [Tue, 29 Apr 2025 13:45:19 +0000 (09:45 -0400)]
doc:  clarify new behavior of max_files_per_process

5 months agodoc: Small example improvement
Peter Eisentraut [Tue, 29 Apr 2025 12:40:49 +0000 (14:40 +0200)]
doc: Small example improvement

Add a comment character before a line annotation, so that the query
can be used as presented.

Reported-by: Yaroslav Saburov <y.saburov@gmail.com>
Author: Euler Taveira <euler@eulerto.com>
Reviewed-by: Robert Treat <rob@xzilla.net>
Discussion: https://www.postgresql.org/message-id/flat/174393459040.678.17810152410419444783%40wrigleys.postgresql.org

5 months agoFixes for ChangeVarNodes_walker()
Alexander Korotkov [Tue, 29 Apr 2025 11:34:44 +0000 (14:34 +0300)]
Fixes for ChangeVarNodes_walker()

This commit fixes two bug in ChangeVarNodes_walker() function.

 * When considering RestrictInfo, walk down to its clauses based on the
   presense of relid to be deleted not just in clause_relids but also in
   required_relids.

 * Incrementally adjust num_base_rels based on the change of clause_relids
   instead of recalculating it using clause_relids, which could contain
   outer-join relids.

Reported-by: Richard Guo <guofenglinux@gmail.com>
Discussion: https://postgr.es/m/CAMbWs49PE3CvnV8vrQ0Dr%3DHqgZZmX0tdNbzVNJxqc8yg-8kDQQ%40mail.gmail.com
Author: Andrei Lepikhov <lepihov@gmail.com>
Reviewed-by: Alexander Korotkov <aekorotkov@gmail.com>
5 months agopg_restore: Improve --help synopsis
Peter Eisentraut [Tue, 29 Apr 2025 09:32:49 +0000 (11:32 +0200)]
pg_restore: Improve --help synopsis

The --help synopsis should only be one line.  This rephrases the first
line a bit to reflect the new functionality of restoring multiple
databases from pg_dumpall output.  Additional explanations are better
kept in the man page.

5 months agopg_restore: Put new option in consistent order in --help output
Peter Eisentraut [Tue, 29 Apr 2025 08:59:05 +0000 (10:59 +0200)]
pg_restore: Put new option in consistent order in --help output

Also make the description a bit more consistent with similar options.

5 months agoFix assertion failure during decoding from synced slots.
Amit Kapila [Tue, 29 Apr 2025 07:22:05 +0000 (12:52 +0530)]
Fix assertion failure during decoding from synced slots.

The slot synchronization skips updating the confirmed_flush LSN of the
local slot if the local slot has a newer catalog_xmin or restart_lsn, but
still allows updating the two_phase and two_phase_at fields of the slot.
This opens up a window for the prepared transactions between old
confirmed_flush LSN and two_phase_at to unexpectedly get decoded and sent
to the downstream after promotion. Then, while decoding the commit
prepared the assert will fail, which expects that the prepare hasn't been
sent to the downstream.

The fix is to skip updating the other slot fields when we are skipping to
update the confirmed_flush LSN of the slot.

We didn't backpatch this commit as two_phase_at was not synced in back
branches, which means prepared transactions won't be unexpectedly sent to
downstream.

We discovered this problem while analyzing BF failure reported in the
discussion link.

Reliably reproducing this issue without a debugger is difficult. Given
its rarity, adding specific injection point to test it doesn't seem
worthwhile, so we won't be adding a dedicated test case.

Author: Zhijie Hou <houzj.fnst@fujitsu.com>
Reviewed-by: shveta malik <shveta.malik@gmail.com>
Reviewed-by: Masahiko Sawada <sawada.mshk@gmail.com>
Reviewed-by: Amit Kapila <amit.kapila16@gmail.com>
Discussion: https://postgr.es/m/OS0PR01MB5716B44052000EB91EFAE60E94BC2@OS0PR01MB5716.jpnprd01.prod.outlook.com

5 months agopg_verifybackup: Message style improvements
Peter Eisentraut [Tue, 29 Apr 2025 07:19:15 +0000 (09:19 +0200)]
pg_verifybackup: Message style improvements

5 months agotest_slru: Fix incorrect format placeholders
Peter Eisentraut [Tue, 29 Apr 2025 07:07:53 +0000 (09:07 +0200)]
test_slru: Fix incorrect format placeholders

Before commit a0ed19e0a9e there was a cast around these, but the cast
inadvertently changed the signedness, but that made the format
placeholder correct.  Commit a0ed19e0a9e removed the casts, so now the
format placeholders had the wrong signedness.

5 months agoDoc: Specify the interaction of publish_generated_columns with column list.
Amit Kapila [Tue, 29 Apr 2025 03:31:43 +0000 (09:01 +0530)]
Doc: Specify the interaction of publish_generated_columns with column list.

Author: Peter Smith <smithpb2250@gmail.com>
Reviewed-by: David G. Johnston <david.g.johnston@gmail.com>
Reviewed-by: Amit Kapila <amit.kapila16@gmail.com>
Discussion: https://postgr.es/m/CAHut+PtnjLiNFFh-3f9cXH0wnwqjdkTjQNbVmZdZ1y+zKt_PPg@mail.gmail.com

5 months agoAdd maintenance_io_concurrency flag to some read stream users
Melanie Plageman [Mon, 28 Apr 2025 18:19:45 +0000 (14:19 -0400)]
Add maintenance_io_concurrency flag to some read stream users

Index vacuuming and [auto]prewarm AIO concurrency should be governed by
maintenance_io_concurrency. As such, pass those read stream users the
READ_STREAM_MAINTENANCE flag which will calculate their read stream
distance with maintenance_io_concurrency instead of
effective_io_concurrency. This was an oversight in the original commits
making those operations use the read stream API.

Discussion: https://postgr.es/m/flat/CAAKRu_aopDxTo4b41Mt_7Zc-z0_ngocrY8SFCCY6Aph1HgwuNw%40mail.gmail.com

5 months agoFix obsolete nbtree array advancement comment.
Peter Geoghegan [Mon, 28 Apr 2025 16:49:17 +0000 (12:49 -0400)]
Fix obsolete nbtree array advancement comment.

Checking if another primitive scan is required after all once the next
leaf page was moved from _bt_checkkeys to its _bt_readpage caller by
commit 9a2e2a28.  Update a comment that incorrectly described the
recheck mechanism as something that takes place in _bt_checkkeys.

Also fix an older typo in related code comments.

5 months agoMake NULL tuple values always advance skip arrays.
Peter Geoghegan [Mon, 28 Apr 2025 16:11:08 +0000 (12:11 -0400)]
Make NULL tuple values always advance skip arrays.

_bt_check_compare neglected to handle a case that can arise when the
scan's keys are temporarily treated as nonrequired, as an optimization:
whenever a NULL tuple value was encountered that had a skip array whose
current element wasn't already NULL, _bt_check_compare failed to advance
the array to the NULL element.  This allowed _bt_check_compare to fail
to return matching tuples containing a NULL value (though only with an
array column that came before a skip array column with NULLs, and only
during _bt_readpage calls that set pstate.forcenonrequired=true on a
page where the higher-order column also had to advance).

To fix, teach _bt_check_compare to handle this case just like any other
case where a skip array key is unsatisfied and must be advanced directly
(due to the key being considered a nonrequired key).

Oversight in commit 8a510275, which optimized nbtree search scan key
comparisons with skip arrays.

Author: Peter Geoghegan <pg@bowt.ie>
Reported-By: Mark Dilger <mark.dilger@enterprisedb.com>
Discussion: https://postgr.es/m/CAHgHdKtLFWZcjr87hMH0hYDHgcifu4Tj7iHz-xh8qsJREt5cqA@mail.gmail.com

5 months agoFix pg_dump for inherited validated not-null constraints
Álvaro Herrera [Mon, 28 Apr 2025 14:25:06 +0000 (16:25 +0200)]
Fix pg_dump for inherited validated not-null constraints

When a child constraint is validated and the parent constraint it
derives from isn't, pg_dump must be coerced into printing the child
constraint; failing to do would result in a dump that restores the
constraint as not valid, which would be incorrect.

Co-authored-by: jian he <jian.universality@gmail.com>
Co-authored-by: Álvaro Herrera <alvherre@kurilemu.de>
Reported-by: jian he <jian.universality@gmail.com>
Message-id: https://postgr.es/m/CACJufxGHNNMc0E2JphUqJMzD3=bwRSuAEVBF5ekgkG8uY0Q3hg@mail.gmail.com

5 months agopg_combinebackup: Message style improvements
Peter Eisentraut [Mon, 28 Apr 2025 12:26:49 +0000 (14:26 +0200)]
pg_combinebackup: Message style improvements

5 months agoRestore comments in ChangeVarNodesExtended()
Alexander Korotkov [Mon, 28 Apr 2025 08:20:22 +0000 (11:20 +0300)]
Restore comments in ChangeVarNodesExtended()

This commit restores comments in ChangeVarNodesExtended(), which were
accidentally removed by fc069a3a6319.

Reported-by: Richard Guo <guofenglinux@gmail.com>
Discussion: https://postgr.es/m/CAMbWs49PE3CvnV8vrQ0Dr%3DHqgZZmX0tdNbzVNJxqc8yg-8kDQQ%40mail.gmail.com

5 months agoFix xmin advancement during fast_forward decoding.
Amit Kapila [Mon, 28 Apr 2025 06:05:54 +0000 (11:35 +0530)]
Fix xmin advancement during fast_forward decoding.

During logical decoding, we advance catalog_xmin of logical too early in
fast_forward mode, resulting in required catalog data being removed by
vacuum. This mode is normally used to advance the slot without processing
the changes, but we still can't let the slot's xmin to advance to an
incorrect value.

Commit f49a80c481 fixed a similar issue where the logical slot's
catalog_xmin was getting advanced prematurely during non-fast-forward
mode. During xl_running_xacts processing, instead of directly advancing
the slot's xmin to the oldest running xid in the record, it allowed the
xmin to be held back for snapshots that can be used for
not-yet-replayed transactions, as those might consider older txns as
running too. However, it missed the fact that the same problem can happen
during fast_forward mode decoding, as we won't build a base snapshot in
that mode, and the future call to get_changes from the same slot can miss
seeing the required catalog changes leading to incorrect reslts.

This commit allows building the base snapshot even in fast_forward mode to
prevent the early advancement of xmin.

Reported-by: Amit Kapila <amit.kapila16@gmail.com>
Author: Zhijie Hou <houzj.fnst@fujitsu.com>
Reviewed-by: Masahiko Sawada <sawada.mshk@gmail.com>
Reviewed-by: shveta malik <shveta.malik@gmail.com>
Reviewed-by: Amit Kapila <amit.kapila16@gmail.com>
Backpatch-through: 13
Discussion: https://postgr.es/m/CAA4eK1LqWncUOqKijiafe+Ypt1gQAQRjctKLMY953J79xDBgAg@mail.gmail.com
Discussion: https://postgr.es/m/OS0PR01MB57163087F86621D44D9A72BF94BB2@OS0PR01MB5716.jpnprd01.prod.outlook.com

5 months agoRemove circular #include's between wait_event.h and wait_event_types.h
Michael Paquier [Mon, 28 Apr 2025 00:08:15 +0000 (09:08 +0900)]
Remove circular #include's between wait_event.h and wait_event_types.h

wait_event_types.h is generated by the code, and included wait_event.h.
wait_event.h did the opposite move, including wait_event_types.h,
causing a circular dependency between both.

wait_event_types.h only needs to now about the wait event classes, so
this information is moved into its own file, and wait_event_types.h uses
this new header so as it does not depend anymore on wait_event.h.

Note that such errors can be found with clang-tidy, with commands like
this one:
clang-tidy source_file.c --checks=misc-header-include-cycle -- \
  -I/install/path/include/ -I/install/path/include/server/

Issue introduced by fa88928470b5.

Author: Bertrand Drouvot <bertranddrouvot.pg@gmail.com>
Discussion: https://postgr.es/m/350192.1745768770@sss.pgh.pa.us

5 months agoDisallow removing placeholders during Self-Join Elimination.
Alexander Korotkov [Sun, 27 Apr 2025 22:40:42 +0000 (01:40 +0300)]
Disallow removing placeholders during Self-Join Elimination.

fc069a3a6319 implements Self-Join Elimination (SJE), which can remove base
relations when appropriate.  However, regressions tests for SJE only cover
the case when placeholder variables (PHVs) are evaluated and needed only
in a single base rel.  If this baserel is removed due to SJE, its clauses,
including PHVs, will be transferred to the keeping relation.  Removing these
PHVs may trigger an error on plan creation -- thanks to the b3ff6c742f6c for
detecting that.

This commit skips removal of PHVs during SJE.  This might also happen that
we skip the removal of some PHVs that could be removed.  However, the overhead
of extra PHVs is small compared to the complexity of analysis needed to remove
them.

Reported-by: Alexander Lakhin <exclusion@gmail.com>
Author: Alena Rybakina <a.rybakina@postgrespro.ru>
Author: Andrei Lepikhov <lepihov@gmail.com>
Reviewed-by: Alexander Korotkov <aekorotkov@gmail.com>
Reviewed-by: Richard Guo <guofenglinux@gmail.com>
5 months agoRemove inappropriate inclusions of c.h and postgres_fe.h.
Tom Lane [Sun, 27 Apr 2025 20:58:57 +0000 (16:58 -0400)]
Remove inappropriate inclusions of c.h and postgres_fe.h.

Per our usual policy, Postgres header files should not include these;
the decision as to which one to use is to be made in the calling .c
file instead.

These errors aren't particularly new, but I'm not feeling a need
to back-patch these changes; it's mostly just neatnik-ism.

5 months agoDon't use double-quotes in #include's of system headers, redux.
Tom Lane [Sun, 27 Apr 2025 17:23:19 +0000 (13:23 -0400)]
Don't use double-quotes in #include's of system headers, redux.

This cleans up some loose ends left by commit e8ca9ed1d.  I hadn't
looked closely enough at these places before, but now I have.

The use of double-quoted #includes for Perl headers in plperl_system.h
seems to be simply a mistake introduced in 6c944bf3c and faithfully
copied forward since then.  (I had thought possibly it was required
by some weird Windows build setup, but there's no evidence of that in
our history.)

The occurrences in SectionMemoryManager.h and SectionMemoryManager.cpp
evidently stem from those files' origin as LLVM code.  It's
understandable that LLVM would treat their own files as needing
double-quoted #includes; but they're still system headers to us.

I also applied the same check to *.c files, and found a few other
random incorrect usages in both directions.

Our ECPG headers and test files routinely use angle brackets to refer
to ECPG headers.  I left those usages alone, since it seems reasonable
for an ECPG user to regard those headers as system headers.

5 months agoRemove circular #include's between plpython.h and plpy_util.h.
Tom Lane [Sun, 27 Apr 2025 15:43:02 +0000 (11:43 -0400)]
Remove circular #include's between plpython.h and plpy_util.h.

plpython.h included plpy_util.h, simply on the grounds that "it's
easier to just include it everywhere".  However, plpy_util.h must
include plpython.h, or it won't pass headerscheck.  While the
resulting circularity doesn't have any immediate bad effect,
it's poor design.  We have seen serious messes arise in the past
from overly-broad inclusion footprints created by such circularities,
so let's establish a project policy against it.

To fix, just replace *.c files' inclusions of plpython.h with
plpy_util.h.  They'll pull in plpython.h indirectly; indeed, almost
all have already done so via inclusions of other plpy_xxx.h headers.
(Any extensions using plpython.h can do likewise without breaking
the compatibility of their code with prior Postgres versions.)

Reported-by: Bertrand Drouvot <bertranddrouvot.pg@gmail.com>
Author: Tom Lane <tgl@sss.pgh.pa.us>
Reviewed-by: Bertrand Drouvot <bertranddrouvot.pg@gmail.com>
Discussion: https://postgr.es/m/aAxQ6fcY5QQV1lo3@ip-10-97-1-34.eu-west-3.compute.internal

5 months agoDon't use double-quotes in #include's of system headers.
Tom Lane [Sun, 27 Apr 2025 00:30:27 +0000 (20:30 -0400)]
Don't use double-quotes in #include's of system headers.

While few if any C compilers will complain about this, it's
inconsistent with our other #include's of the same headers.

There are some other questionable usages in
src/include/jit/SectionMemoryManager.h and
src/pl/plperl/plperl_system.h, but perhaps those have a
reason to be like that.  I can't see that these do.

Noticed while fooling around with a script to do analysis
of our header cross-inclusions.

5 months agoEliminate divide in new fast-path locking code
David Rowley [Sat, 26 Apr 2025 23:53:40 +0000 (11:53 +1200)]
Eliminate divide in new fast-path locking code

c4d5cb71d2 adjusted the fast-path locking code to allow some
configuration of the number of fast-path locking slots via the
max_locks_per_transaction GUC.  In that commit the FAST_PATH_REL_GROUP()
macro used integer division to determine the fast-path locking group slot
to use for the lock.

The divisor in this case is always a power-of-two value.  Here we swap
out the divide by a bitwise-AND, which is a significantly faster
operation to perform.

In passing, adjust the code that's setting FastPathLockGroupsPerBackend
so that it's more clear that the value being set is a power-of-two.

Also, adjust some comments in the area which contained some magic
numbers.  It seems better to justify the 1024 upper limit in the
location where the #define is made instead of where it is used.

Author: David Rowley <drowleyml@gmail.com>
Reviewed-by: Tomas Vondra <tomas@vondra.me>
Discussion: https://postgr.es/m/CAApHDvodr3bcnpxcs7+k-3cFwYR0tP-BYhyd2PpDhe-bCx9i=g@mail.gmail.com

5 months agoMatch parameter in new function to earlier equivalents
John Naylor [Sat, 26 Apr 2025 20:03:52 +0000 (03:03 +0700)]
Match parameter in new function to earlier equivalents

Oversight in commit 3c6e8c123.

5 months agodoc: improve wording of vacuum_max_eager_freeze_failure_rate
Bruce Momjian [Sat, 26 Apr 2025 15:41:23 +0000 (11:41 -0400)]
doc:  improve wording of vacuum_max_eager_freeze_failure_rate

5 months agoaio: Improve debug logging around waiting for IOs
Andres Freund [Fri, 25 Apr 2025 16:31:42 +0000 (12:31 -0400)]
aio: Improve debug logging around waiting for IOs

Trying to investigate a bug report by Alexander Lakhin made it apparent that
the debug logging around waiting for IO completion is insufficient. Fix that.

Discussion: https://postgr.es/m/h4in2db37vepagmi2oz5vvqymjasc5gyb4lpqkunj4eusu274i@37jpd3c2spd3

5 months agoFix bug allowing io_combine_limit > io_max_combine_combine limit
Andres Freund [Fri, 25 Apr 2025 16:18:27 +0000 (12:18 -0400)]
Fix bug allowing io_combine_limit > io_max_combine_combine limit

10f66468475 intended to limit the value of io_combine_limit to the minimum of
io_combine_limit and io_max_combine_limit. To avoid issues with interdependent
GUCs, it introduced io_combine_limit_guc and set io_combine_limit in assign
hooks. That plan was thwarted by guc_tables.c accidentally still referencing
io_combine_limit, instead of io_combine_limit_guc.  That lead to the GUC
machinery overriding the work done in the assign hooks, potentially leaving
io_combine_limit with a too high value.

The consequence of this bug was that when running with io_combine_limit >
io_combine_limit_guc the AIO machinery would not have reserved large enough
iovec and IO data arrays, with one IO's arrays overlapping with another IO's,
leading to total confusion.

To make such a problem easier to detect in the future, add assertions to
pgaio_io_set_handle_data_* checking the length is smaller than
io_max_combine_limit (not just PG_IOV_MAX).

It'd be nice to have a few tests for this, but it's not entirely obvious how
to do so portably.

As remarked upon by Tom, the GUC assignment hooks really shouldn't set the
underlying variable, that's the job of the GUC machinery. Change that as well.

Discussion: https://postgr.es/m/c5jyqnuwrpigd35qe7xdypxsisdjrdba5iw63mhcse4mzjogxo@qdjpv22z763f

5 months agoaio: Fix crash potential for pg_aios views due to late state update
Andres Freund [Fri, 25 Apr 2025 16:03:41 +0000 (12:03 -0400)]
aio: Fix crash potential for pg_aios views due to late state update

pgaio_io_reclaim() reset the fields in PgAioHandle before updating the state
to IDLE or incrementing the generation. For most things that's OK, but for
pg_get_aios() it is not - if it copied the PgAioHandle while fields were being
reset, we wouldn't detect that and could call
pgaio_io_get_target_description() with ioh->target == PGAIO_TID_INVALID,
leading to a crash.

Fix this issue by incrementing the generation and state earlier, before
resetting.

Also add an assertion to pgaio_io_get_target_description() for the target to
be valid - that'd have made this case a bit easier to debug. While at it,
add/update a few related assertions.

Author: Alexander Lakhin <exclusion@gmail.com>
Discussion: https://postgr.es/m/062daca9-dfad-4750-9da8-b13388301ad9@gmail.com

6 months agoFix incorrect format placeholders
Peter Eisentraut [Fri, 25 Apr 2025 14:49:30 +0000 (16:49 +0200)]
Fix incorrect format placeholders

Before commit a0ed19e0a9e there was a cast around these, but the cast
inadvertently changed the signedness, but that made the format
placeholder correct.  Commit a0ed19e0a9e removed the casts, so now the
format placeholders had the wrong signedness.