Re: HASH_BLOBS hazards (was Re: PATCH: logical_work_mem and logical streaming of large in-progress transactions)
Tom Lane <tgl@sss.pgh.pa.us>
Commits
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Tighten the concurrent abort check during decoding.
- 2ce353fc1902 14.0 landed
-
Improve hash_create()'s API for some added robustness.
- b3817f5f7746 14.0 landed
-
Use HASH_BLOBS for xidhash.
- a1b8aa1e4eec 14.0 landed
-
Fix initialization of RelationSyncEntry for streaming transactions.
- 69bd60672af6 14.0 landed
-
Remove unused function declaration in logicalproto.h.
- ddd5f6d2609b 14.0 landed
-
Add additional tests to test streaming of in-progress transactions.
- 58b5ae9d62bd 14.0 landed
-
Fix inline marking introduced in commit 464824323e.
- ac15b499f7f9 14.0 landed
-
Add support for streaming to built-in logical replication.
- 464824323e57 14.0 landed
-
Fix the SharedFileSetUnregister API.
- 4ab77697f67a 14.0 landed
-
Fix comment in procarray.c
- 77c7267c37f7 14.0 cited
-
Suppress compiler warning in non-cassert builds.
- e942af7b8261 14.0 cited
-
Extend the BufFile interface.
- 808e13b282ef 14.0 landed
-
Mark a few logical decoding related variables with PGDLLIMPORT.
- b48cac3b10a0 14.0 landed
-
Implement streaming mode in ReorderBuffer.
- 7259736a6e5b 14.0 landed
-
Extend the logical decoding output plugin API with stream methods.
- 45fdc9738b36 14.0 landed
-
WAL Log invalidations at command end with wal_level=logical.
- c55040ccd017 14.0 landed
-
Immediately WAL-log subtransaction and top-level XID association.
- 0bead9af484c 14.0 landed
-
Allow logical replication to transfer data in binary format.
- 9de77b545313 14.0 cited
-
Only superuser can set sslcert/sslkey in postgres_fdw user mappings
- cebf9d6e6ee1 13.0 cited
-
Track statistics for spilling of changes from ReorderBuffer.
- 9290ad198b15 13.0 landed
-
Add logical_decoding_work_mem to limit ReorderBuffer memory usage.
- cec2edfa7859 13.0 landed
-
logical decoding: process ASSIGNMENT during snapshot build
- bac2fae05c77 13.0 cited
-
Emit invalidations to standby for transactions without xid.
- c6ff84b06a68 9.6.0 cited
Attachments
- invent-HASH_STRINGS-flag-1.patch (text/x-diff) patch
Noah Misch <noah@leadboat.com> writes: > On Sun, Dec 13, 2020 at 11:49:31AM -0500, Tom Lane wrote: >> A quick count of grep hits suggest that the large majority of >> existing hash_create() calls use HASH_BLOBS, and there might be >> only order-of-ten calls that would need to be touched if we >> required an explicit HASH_STRING flag. So option #2 is seeming >> kind of attractive. Maybe that together with an assertion that >> string keys have to exceed 8 or 16 bytes would be enough protection. > Agreed. I expect (2) gives most of the benefit. Requiring 8-byte capacity > should be harmless, and most architectures can zero 8 bytes in one > instruction. Requiring more bytes trades specificity for sensitivity. Attached is a proposed patch that requires HASH_STRINGS to be stated explicitly (in the event, there are 13 callers needing that) and insists on keysize > 8 for string keys. In examining the now-easily-visible uses of string keys, almost all of them are using NAMEDATALEN-sized keys, or in a few places larger values. Only two are smaller: 1. ShmemIndex uses SHMEM_INDEX_KEYSIZE, which is only set to 48. 2. ResetUnloggedRelationsInDbspaceDir is using OIDCHARS + 1, because it stores relfilenode OIDs as strings. That seems pretty damfool to me, so I'm inclined to change it to store binary OIDs instead; those'd be a third the size (or probably a quarter the size after alignment padding) and likely faster to hash or compare. But I didn't do that here, since it's still more than 8. (I did whack it upside the head to the extent of not storing its temporary hash table in CacheMemoryContext.) So it seems to me that insisting on keysize > 8 is fine. There are a couple of other API oddities that maybe we should think about while we're here: * Should we just have a blanket insistence that all callers supply HASH_ELEM? The default sizes that dynahash.c uses without that are undocumented and basically useless. We're already asserting that in the HASH_BLOBS path, which is the majority use-case, and this patch now asserts it for HASH_STRINGS too. * The coding convention that the HASHCTL argument struct should be pre-zeroed seems to have been ignored at a lot of call sites. I added a memset call to a couple of callers that I was touching in this patch, but I'm having second thoughts about that. Maybe we should just rip out all those memsets as pointless, since there's basically no case where you'd use the memset to fill a field that you meant to pass as zero. The fact that hash_create() doesn't read fields it's not told to by a flag means we should not need the memsets to avoid uninitialized-memory reads. regards, tom lane