Thread

Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. revert: Transform OR clauses to ANY expression

  2. Fix incorrect calculation in BlockRefTableEntryGetBlocks.

  1. post-freeze damage control

    Robert Haas <robertmhaas@gmail.com> — 2024-04-08T19:47:34Z

    On Mon, Apr 8, 2024 at 10:42 AM Heikki Linnakangas <hlinnaka@iki.fi> wrote:
    > Can you elaborate, which patches you think were not ready? Let's make
    > sure to capture any concrete concerns in the Open Items list.
    
    Hi,
    
    I'm moving this topic to a new thread for better visibility and less
    admixture of concerns. I'd like to invite everyone here present to
    opine on which patches we ought to be worried about. Here are a few
    picks from me to start things off. My intention here is to convey "I
    find these scary" rather than "these commits were irresponsible," so I
    respectfully ask that you don't take the choice to list your patch
    here as an attack, or the choice not to list your patch here as an
    endorsement. I'm very happy if I'm wrong and these patches are not
    actually scary. And likewise let's view any allegations of scariness
    by others as a genuine attempt to figure out what might be broken,
    rather than as an attempt to get anyone into trouble or whatever.
    
    - As I wrote about separately, I'm concerned that the failover slots
    stuff may not be in as good a shape as it needs to be for people to
    get good use out of it.
    http://postgr.es/m/CA+TgmoaA4oufUBR5B-4o83rnwGZ3zAA5UvwxDX=NjCm1TVgRsQ@mail.gmail.com
    
    - I also wrote separately about the flurry of recent table AM changes.
    http://postgr.es/m/CA+TgmoZpWB50GnJZYF1x8PenTqXDTFBH_Euu6ybGfzEy34o+5Q@mail.gmail.com
    
    - The streaming read API stuff was all committed very last minute. I
    think this should have been committed much sooner. It's probably not
    going to break the world; it's more likely to have performance
    consequences. But if it had gone in sooner, we'd have had more time to
    figure that out.
    
    - The heap pruning refactoring work, on the other hand, seems to be at
    very significant risk of breaking the world. I don't doubt the
    authors, but this is some very critical stuff and a lot of it happened
    very quickly right at the end.
    
    - Incremental backup could have all sorts of terrible data-corrupting
    bugs. 55a5ee30cd65886ff0a2e7ffef4ec2816fbec273 was a full brown-paper
    bag level fix, so the chances of there being further problems are
    probably high.
    
    - I'm slightly worried about the TID store work (ee1b30f12, 30e144287,
    667e65aac35), perhaps for no reason. Actually, the results seem really
    impressive, and a very quick look at some of the commits seemed kind
    of reassuring. But, like the changes to pruning and freezing, this is
    making some really fundamental changes to critical code. In this case,
    it's code that has evolved very little over the years and seems to
    have now evolved quite a lot.
    
    - I couldn't understand why the "Operate
    XLogCtl->log{Write,Flush}Result with atomics" code was correct when I
    read it. That's not to say I know it to be incorrect. But, a spinlock
    protecting two variables together guarantees more than atomic access
    to each of those variables separately.
    
    There's probably a lot more to worry about; there have been so
    incredibly many changes recently. But this is as far as my speculation
    extends, as of now. Comments welcome. Additional concerns also
    welcome, as noted above. And again, no offense is intended to anyone.
    
    --
    Robert Haas
    EDB: http://www.enterprisedb.com
    
    
    
    
  2. Re: post-freeze damage control

    Thomas Munro <thomas.munro@gmail.com> — 2024-04-08T21:35:00Z

    On Tue, Apr 9, 2024 at 7:47 AM Robert Haas <robertmhaas@gmail.com> wrote:
    > - The streaming read API stuff was all committed very last minute. I
    > think this should have been committed much sooner. It's probably not
    > going to break the world; it's more likely to have performance
    > consequences. But if it had gone in sooner, we'd have had more time to
    > figure that out.
    
    OK, let me give an update on this work stream (pun intended).
    
    One reason for the delay in committing was precisely that we were
    fretting about regressions risks.  We tried pretty hard to identify
    and grind down every regression we could find, and cases with
    outstanding not-fully-understood or examined problems in that area
    have been booted into the next cycle for more work: streaming bitmap
    heapscan, several streaming vacuum patches, and more, basically things
    that seem to have more complex interactions with other machinery.  The
    only three places using streaming I/O that went in were:
    
    041b9680: Use streaming I/O in ANALYZE.
    b7b0f3f2: Use streaming I/O in sequential scans.
    3a352df0: Use streaming I/O in pg_prewarm.
    
    The first is a good first exercise in streaming random blocks;
    hopefully no one would be too upset about an unexpected small
    regression in ANALYZE, but as it happens it goes faster hot and cold
    according to all reports.  The second is a good first exercise in
    streaming sequential blocks, and it ranges from faster to no
    regression, according to testing and reports.  The third is less
    important, but it also goes faster.
    
    Of those, streaming seq scan is clearly the most relevant to real
    workloads that someone might be upset about, and I made a couple of
    choices that you might say had damage control in mind:
    
    * A conservative choice not to get into the business of the issuing
    new hints to the kernel for random jumps in cold scans, even though we
    think we probably should for better performance: more research needed
    precisely to avoid unexpected interactions (cf the booted bitmap
    heapscan where that sort of thing seems to be afoot).
    * A GUC to turn off I/O combining if it somehow upsets your storage in
    ways we didn't foresee (io_combine_limit=1).
    
    For fully cached hot scans, it does seem to be quite sensitive to tiny
    changes in a hot code path that I and others spent a lot of time
    optimising and testing during the CF.  Perhaps it is possible that
    someone else's microarchitecture or compiler could show a regression
    that I don't see, and I will certainly look into it with vim and
    vigour if so.  In that case we could consider a tiny
    micro-optimisation that I've shared already (it seemed a little novel
    so I'd rather propose it in the new cycle if I can), or, if it comes
    to it based on evidence and inability to address a problem quickly,
    reverting just b7b0f3f2 which itself is a very small patch.
    
    An aspect you didn't mention is correctness.  I don't actually know
    how to prove that buffer manager protocols are correct beyond thinking
    and torture testing, ie what kind of new test harness machinery could
    be used to cross-check more things about buffer pool state explicitly,
    and that is a weakness I'm planning to look into.
    
    I realise that "these are the good ones, you should see all the stuff
    we decided not to commit!" is not an argument, I'm just laying out how
    I see the patches that went in and why I thought they were good.  It's
    almost an architectural change, but done in tiny footsteps.  I
    appreciate that people would have liked to see those particular tiny
    footsteps in some of the other fine months available for patching the
    tree, and some of the earlier underpinning patches that were part of
    the same patch series did go in around New Year, but clearly my
    "commit spreading" didn't go as well as planned after that (not helped
    by Jan/Feb summer vacation season down here).
    
    Mr Paquier this year announced his personal code freeze a few weeks
    back on social media, which seemed like an interesting idea I might
    adopt.  Perhaps that is what some other people are doing without
    saying so, and perhaps the time they are using for that is the end of
    the calendar year.  I might still be naturally inclined to crunch-like
    behaviour, but it wouldn't be at the same time as everyone else,
    except all the people who follow the same advice.
    
    
    
    
  3. Re: post-freeze damage control

    Michael Paquier <michael@paquier.xyz> — 2024-04-08T22:58:07Z

    On Tue, Apr 09, 2024 at 09:35:00AM +1200, Thomas Munro wrote:
    > Mr Paquier this year announced his personal code freeze a few weeks
    > back on social media, which seemed like an interesting idea I might
    > adopt.  Perhaps that is what some other people are doing without
    > saying so, and perhaps the time they are using for that is the end of
    > the calendar year.  I might still be naturally inclined to crunch-like
    > behaviour, but it wouldn't be at the same time as everyone else,
    > except all the people who follow the same advice.
    
    That's more linked to the fact that I was going silent without a
    laptop for a few weeks before the end of the release cycle, and a way
    to say to not count on me, while I was trying to keep my room clean to
    avoid noise for others who would rush patches.  It is a vacation
    period for schools in Japan as the fiscal year finishes at the end of
    March, while the rest of the world still studies/works, so that makes 
    trips much easier with areas being less busy when going abroad.  If
    you want to limit commit activity during this period, the answer is
    simple then: require that all the committers live in Japan.
    
    Jokes apart, I really try to split commit effort across the year and
    not rush things at the last minute.  If something's not agreed upon
    and commit-ready by the 15th of March, the chances that I would apply
    it within the release cycle are really slim.  That's a kind of
    personal policy I have in place for a few years now.
    --
    Michael
    
  4. Re: post-freeze damage control

    Tomas Vondra <tomas.vondra@enterprisedb.com> — 2024-04-08T23:16:02Z

    On 4/8/24 21:47, Robert Haas wrote:
    > On Mon, Apr 8, 2024 at 10:42 AM Heikki Linnakangas <hlinnaka@iki.fi> wrote:
    >> Can you elaborate, which patches you think were not ready? Let's make
    >> sure to capture any concrete concerns in the Open Items list.
    > 
    > ...
    > 
    > - Incremental backup could have all sorts of terrible data-corrupting
    > bugs. 55a5ee30cd65886ff0a2e7ffef4ec2816fbec273 was a full brown-paper
    > bag level fix, so the chances of there being further problems are
    > probably high.
    > 
    
    I don't feel too particularly worried about this. Yes, backups are super
    important because it's often the only thing you have left when things go
    wrong, and the incremental aspect is all new. The code I've seen while
    doing the CoW-related patches seemed very precise and careful, and the
    one bug we found & fixed does not make it bad.
    
    Sure, I can't rule there being more bugs, but I've been doing some
    pretty extensive stress testing of this (doing incremental backups +
    combinebackup, and comparing the results against the source, and that
    sort of stuff). And so far only that single bug this way. I'm still
    doing this randomized stress testing, with more and more complex
    workloads etc. and I'll let keep doing that for a while.
    
    Maybe I'm a bit too happy-go-lucky, but IMO the risk here is limited.
    
    
    regards
    
    -- 
    Tomas Vondra
    EnterpriseDB: http://www.enterprisedb.com
    The Enterprise PostgreSQL Company
    
    
    
    
  5. Re: post-freeze damage control

    Michael Paquier <michael@paquier.xyz> — 2024-04-08T23:33:29Z

    On Tue, Apr 09, 2024 at 01:16:02AM +0200, Tomas Vondra wrote:
    > I don't feel too particularly worried about this. Yes, backups are super
    > important because it's often the only thing you have left when things go
    > wrong, and the incremental aspect is all new. The code I've seen while
    > doing the CoW-related patches seemed very precise and careful, and the
    > one bug we found & fixed does not make it bad.
    > 
    > Sure, I can't rule there being more bugs, but I've been doing some
    > pretty extensive stress testing of this (doing incremental backups +
    > combinebackup, and comparing the results against the source, and that
    > sort of stuff). And so far only that single bug this way. I'm still
    > doing this randomized stress testing, with more and more complex
    > workloads etc. and I'll let keep doing that for a while.
    > 
    > Maybe I'm a bit too happy-go-lucky, but IMO the risk here is limited.
    
    Even if there's a critical bug, there are still other ways to take
    backups, so there is an exit route even if a problem is found and even
    if this problem requires a complex solution to be able to work
    correctly.
    
    This worries me less than other patches like the ones around heap
    changes or the radix tree stuff for TID collection plugged into
    vacuum, which don't have explicit on/off switches AFAIK.
    --
    Michael
    
  6. Re: post-freeze damage control

    Tom Lane <tgl@sss.pgh.pa.us> — 2024-04-09T02:12:16Z

    Robert Haas <robertmhaas@gmail.com> writes:
    > On Mon, Apr 8, 2024 at 10:42 AM Heikki Linnakangas <hlinnaka@iki.fi> wrote:
    >> Can you elaborate, which patches you think were not ready? Let's make
    >> sure to capture any concrete concerns in the Open Items list.
    
    > Hi,
    
    > I'm moving this topic to a new thread for better visibility and less
    > admixture of concerns. I'd like to invite everyone here present to
    > opine on which patches we ought to be worried about. Here are a few
    > picks from me to start things off. My intention here is to convey "I
    > find these scary" rather than "these commits were irresponsible," so I
    > respectfully ask that you don't take the choice to list your patch
    > here as an attack, or the choice not to list your patch here as an
    > endorsement.
    
    I have another one that I'm not terribly happy about:
    
        Author: Alexander Korotkov <akorotkov@postgresql.org>
        Branch: master [72bd38cc9] 2024-04-08 01:27:52 +0300
    
            Transform OR clauses to ANY expression
    
    I don't know that I'd call it scary exactly, but I do think it
    was premature.  A week ago there was no consensus that it was
    ready to commit, but Alexander pushed it (or half of it, anyway)
    despite that.  A few concrete concerns:
    
    * Yet another planner GUC.  Do we really need or want that?
    
    * What the medical community would call off-label usage of
    query jumbling.  I'm not sure this is even correct as-used,
    and for sure it's using that code for something never intended.
    Nor is the added code adequately (as in, at all) documented.
    
    * Patch refuses to group anything but Consts into the SAOP
    transformation.  I realize that if you want to produce an
    array Const you need Const inputs, but I wonder why it
    wasn't considered to produce an ARRAY[] construct if there
    are available clauses with pseudo-constant (eg Param)
    comparison values.
    
    * I really, really dislike jamming this logic into prepqual.c,
    where it has no business being.  I note that it was shoved
    into process_duplicate_ors without even the courtesy of
    expanding the header comment:
    
     * process_duplicate_ors
     *	  Given a list of exprs which are ORed together, try to apply
     *	  the inverse OR distributive law.
    
    Another reason to think this wasn't a very well chosen place is
    that the file's list of #include's went from 4 entries to 11.
    Somebody should have twigged to the idea that this was off-topic
    for prepqual.c.
    
    * OrClauseGroupKey is not a Node type, so why does it have
    a NodeTag?  I wonder what value will appear in that field,
    and what will happen if the struct is passed to any code
    that expects real Nodes.
    
    I could probably find some other nits if I spent more time
    on it, but I think these are sufficient to show that this
    was not commit-ready.
    
    			regards, tom lane
    
    
    
    
  7. Re: post-freeze damage control

    Andrei Lepikhov <a.lepikhov@postgrespro.ru> — 2024-04-09T05:37:31Z

    On 9/4/2024 09:12, Tom Lane wrote:
    > I have another one that I'm not terribly happy about:
    > 
    >      Author: Alexander Korotkov <akorotkov@postgresql.org>
    >      Branch: master [72bd38cc9] 2024-04-08 01:27:52 +0300
    > 
    >          Transform OR clauses to ANY expression
    Because I'm primary author of the idea, let me answer.
    > 
    > I don't know that I'd call it scary exactly, but I do think it
    > was premature.  A week ago there was no consensus that it was
    > ready to commit, but Alexander pushed it (or half of it, anyway)
    > despite that.  A few concrete concerns:
    > 
    > * Yet another planner GUC.  Do we really need or want that?
    It is the most interesting question here. Looking around planner 
    features designed but not applied for the same reason because they can 
    produce suboptimal plans in corner cases, I think about inventing 
    flag-type parameters and hiding some features that work better for 
    different load types under such flagged parameters.
    > 
    > * What the medical community would call off-label usage of
    > query jumbling.  I'm not sure this is even correct as-used,
    > and for sure it's using that code for something never intended.
    > Nor is the added code adequately (as in, at all) documented.
    I agree with documentation and disagree with critics on the expression 
    jumbling. It was introduced in the core. Why don't we allow it to be 
    used to speed up machinery with some hashing?
    > 
    > * Patch refuses to group anything but Consts into the SAOP
    > transformation.  I realize that if you want to produce an
    > array Const you need Const inputs, but I wonder why it
    > wasn't considered to produce an ARRAY[] construct if there
    > are available clauses with pseudo-constant (eg Param)
    > comparison values.
    Good point. I think, we can consider that in the future.
    > 
    > * I really, really dislike jamming this logic into prepqual.c,
    > where it has no business being.  I note that it was shoved
    > into process_duplicate_ors without even the courtesy of
    > expanding the header comment:
    Yeah, I preferred to do it in parse_expr.c with the assumption of some 
    'minimal' or 'canonical' tree form. You can see this code in the 
    previous version. I think we don't have any bugs here, but we have 
    different opinions on how it should work.
    > 
    >   * process_duplicate_ors
    >   *	  Given a list of exprs which are ORed together, try to apply
    >   *	  the inverse OR distributive law.
    > 
    > Another reason to think this wasn't a very well chosen place is
    > that the file's list of #include's went from 4 entries to 11.
    > Somebody should have twigged to the idea that this was off-topic
    > for prepqual.c.
    > 
    > * OrClauseGroupKey is not a Node type, so why does it have
    > a NodeTag?  I wonder what value will appear in that field,
    > and what will happen if the struct is passed to any code
    > that expects real Nodes.
    It's a hack authored by Alexander. I guess He can provide additional 
    reasons in support of that.
    > 
    > I could probably find some other nits if I spent more time
    > on it, but I think these are sufficient to show that this
    > was not commit-ready.
    It's up to you. On the one hand, I don't see any bugs or strong 
    performance issues, and all the issues can be resolved further; on the 
    other hand, I've got your good review and some ideas to work out.
    
    -- 
    regards,
    Andrei Lepikhov
    Postgres Professional
    
    
    
    
    
  8. Re: post-freeze damage control

    Tom Lane <tgl@sss.pgh.pa.us> — 2024-04-09T05:55:39Z

    Andrei Lepikhov <a.lepikhov@postgrespro.ru> writes:
    > On 9/4/2024 09:12, Tom Lane wrote:
    >> I have another one that I'm not terribly happy about:
    >> Author: Alexander Korotkov <akorotkov@postgresql.org>
    >> Branch: master [72bd38cc9] 2024-04-08 01:27:52 +0300
    >>     Transform OR clauses to ANY expression
    
    >> * What the medical community would call off-label usage of
    >> query jumbling.  I'm not sure this is even correct as-used,
    >> and for sure it's using that code for something never intended.
    >> Nor is the added code adequately (as in, at all) documented.
    
    > I agree with documentation and disagree with critics on the expression 
    > jumbling. It was introduced in the core. Why don't we allow it to be 
    > used to speed up machinery with some hashing?
    
    I would back up from that a good deal: why do we need to hash here in
    the first place?  There's no evidence I'm aware of that it's needful
    from a performance standpoint.
    
    >> * I really, really dislike jamming this logic into prepqual.c,
    >> where it has no business being.  I note that it was shoved
    >> into process_duplicate_ors without even the courtesy of
    >> expanding the header comment:
    
    > Yeah, I preferred to do it in parse_expr.c with the assumption of some 
    > 'minimal' or 'canonical' tree form.
    
    That seems quite the wrong direction to me.  AFAICS, the argument
    for making this transformation depends on being able to convert
    to an indexscan condition, so I would try to apply it even later,
    when we have a set of restriction conditions to apply to a particular
    baserel.  (This would weaken the argument that we need hashing
    rather than naive equal() tests even further, I think.)  Applying
    the transform to join quals seems unlikely to be a win.
    
    			regards, tom lane
    
    
    
    
  9. Re: post-freeze damage control

    Peter Eisentraut <peter@eisentraut.org> — 2024-04-09T05:59:08Z

    On 09.04.24 00:58, Michael Paquier wrote:
    > That's more linked to the fact that I was going silent without a
    > laptop for a few weeks before the end of the release cycle, and a way
    > to say to not count on me, while I was trying to keep my room clean to
    > avoid noise for others who would rush patches.  It is a vacation
    > period for schools in Japan as the fiscal year finishes at the end of
    > March, while the rest of the world still studies/works, so that makes
    > trips much easier with areas being less busy when going abroad.  If
    > you want to limit commit activity during this period, the answer is
    > simple then: require that all the committers live in Japan.
    
    Well, due to the Easter holiday being earlier this year, I adopted a 
    similar approach: Go on vacation the last week of March and watch the 
    rest from the pool. :)  So far I feel this was better for my well-being.
    
    
    
    
  10. Re: post-freeze damage control

    Tomas Vondra <tomas.vondra@enterprisedb.com> — 2024-04-09T11:24:06Z

    On 4/9/24 01:33, Michael Paquier wrote:
    > On Tue, Apr 09, 2024 at 01:16:02AM +0200, Tomas Vondra wrote:
    >> I don't feel too particularly worried about this. Yes, backups are super
    >> important because it's often the only thing you have left when things go
    >> wrong, and the incremental aspect is all new. The code I've seen while
    >> doing the CoW-related patches seemed very precise and careful, and the
    >> one bug we found & fixed does not make it bad.
    >>
    >> Sure, I can't rule there being more bugs, but I've been doing some
    >> pretty extensive stress testing of this (doing incremental backups +
    >> combinebackup, and comparing the results against the source, and that
    >> sort of stuff). And so far only that single bug this way. I'm still
    >> doing this randomized stress testing, with more and more complex
    >> workloads etc. and I'll let keep doing that for a while.
    >>
    >> Maybe I'm a bit too happy-go-lucky, but IMO the risk here is limited.
    > 
    > Even if there's a critical bug, there are still other ways to take
    > backups, so there is an exit route even if a problem is found and even
    > if this problem requires a complex solution to be able to work
    > correctly.
    > 
    
    I think it's a bit more nuanced, because it's about backups/restore. The
    bug might be subtle, and you won't learn about it until the moment when
    you need to restore (or perhaps even long after that). At which point
    "You might have taken the backup in some other way." is not really a
    viable exit route.
    
    Anyway, I'm still not worried about this particular feature, and I'll
    keep doing the stress testing.
    
    
    regards
    
    -- 
    Tomas Vondra
    EnterpriseDB: http://www.enterprisedb.com
    The Enterprise PostgreSQL Company
    
    
    
    
  11. Re: post-freeze damage control

    Robert Haas <robertmhaas@gmail.com> — 2024-04-09T12:46:46Z

    On Tue, Apr 9, 2024 at 7:24 AM Tomas Vondra
    <tomas.vondra@enterprisedb.com> wrote:
    > I think it's a bit more nuanced, because it's about backups/restore. The
    > bug might be subtle, and you won't learn about it until the moment when
    > you need to restore (or perhaps even long after that). At which point
    > "You might have taken the backup in some other way." is not really a
    > viable exit route.
    >
    > Anyway, I'm still not worried about this particular feature, and I'll
    > keep doing the stress testing.
    
    In all sincerity, I appreciate the endorsement. Basically what's been
    scaring me about this feature is the possibility that there's some
    incurable design flaw that I've managed to completely miss. If it has
    some more garden-variety bugs, that's still pretty bad: people will
    potentially lose data and be unable to get it back. But, as long as
    we're able to find the bugs and fix them, the situation should improve
    over time until, hopefully, everybody trusts it roughly as much as we
    trust, say, crash recovery. Perhaps even a bit more: I think this code
    is much better-written than our crash recovery code, which has grown
    into a giant snarl that nobody seems able to untangle, despite
    multiple refactoring attempts. However, if there's some reason why the
    approach is fundamentally unsound which I and others have failed to
    detect, then we're at risk of shipping a feature that is irretrievably
    broken. That would really suck.
    
    I'm fairly hopeful that there is no such design defect: I certainly
    can't think of one. But, it's much easier to imagine an incurable
    problem here than with, say, the recent pruning+freezing changes.
    Those changes might have bugs, and those bugs might be hard to find,
    but if they do exist and are found, they can be fixed. Here, it's a
    little less obvious that that's true. We're relying on our ability, at
    incremental backup time, to sort out from the manifest and the WAL
    summaries, what needs to be included in the backup in order for a
    subsequent pg_combinebackup operation to produce correct results. The
    basic idea is simple enough, but the details are complicated, and it
    feels like a subtle defect in the algorithm could potentially scuttle
    the whole thing. I'd certainly appreciate having more smart people try
    to think of things that I might have overlooked.
    
    -- 
    Robert Haas
    EDB: http://www.enterprisedb.com
    
    
    
    
  12. Re: post-freeze damage control

    Andrei Lepikhov <a.lepikhov@postgrespro.ru> — 2024-04-09T13:20:11Z

    On 9/4/2024 12:55, Tom Lane wrote:
    > Andrei Lepikhov <a.lepikhov@postgrespro.ru> writes:
    >>> * I really, really dislike jamming this logic into prepqual.c,
    >>> where it has no business being.  I note that it was shoved
    >>> into process_duplicate_ors without even the courtesy of
    >>> expanding the header comment:
    > 
    >> Yeah, I preferred to do it in parse_expr.c with the assumption of some
    >> 'minimal' or 'canonical' tree form.
    > 
    > That seems quite the wrong direction to me.  AFAICS, the argument
    > for making this transformation depends on being able to convert
    > to an indexscan condition, so I would try to apply it even later,
    > when we have a set of restriction conditions to apply to a particular
    > baserel.  (This would weaken the argument that we need hashing
    > rather than naive equal() tests even further, I think.)  Applying
    > the transform to join quals seems unlikely to be a win.
    Our first prototype did this job right at the stage of index path 
    creation. Unfortunately, this approach was too narrow and expensive.
    The most problematic cases we encountered were from BitmapOr paths: if 
    an incoming query has a significant number of OR clauses, the optimizer 
    spends a lot of time generating these, in most cases, senseless paths 
    (remember also memory allocated for that purpose). Imagine how much 
    worse the situation becomes when we scale it with partitions.
    Another issue we resolved with this transformation: shorter list of 
    clauses speeds up planning and, sometimes, makes cardinality estimation 
    more accurate.
    Moreover, it helps even SeqScan: attempting to find a value in the 
    hashed array is much faster than cycling a long-expression on each 
    incoming tuple.
    
    One more idea that I have set aside here is that the planner can utilize 
    quick clause hashing:
     From time to time, in the mailing list, I see disputes on different 
    approaches to expression transformation/simplification/grouping, and 
    most of the time, it ends up with the problem of search complexity. 
    Clause hash can be a way to solve this, can't it?
    
    -- 
    regards,
    Andrei Lepikhov
    Postgres Professional
    
    
    
    
    
  13. Re: post-freeze damage control

    Stefan Fercot <stefan.fercot@protonmail.com> — 2024-04-09T13:34:12Z

    Hi,
    
    On Tuesday, April 9th, 2024 at 2:46 PM, Robert Haas <robertmhaas@gmail.com> wrote:
    > In all sincerity, I appreciate the endorsement. Basically what's been
    > scaring me about this feature is the possibility that there's some
    > incurable design flaw that I've managed to completely miss. If it has
    > some more garden-variety bugs, that's still pretty bad: people will
    > potentially lose data and be unable to get it back. But, as long as
    > we're able to find the bugs and fix them, the situation should improve
    > over time until, hopefully, everybody trusts it roughly as much as we
    > trust, say, crash recovery. Perhaps even a bit more: I think this code
    > is much better-written than our crash recovery code, which has grown
    > into a giant snarl that nobody seems able to untangle, despite
    > multiple refactoring attempts. However, if there's some reason why the
    > approach is fundamentally unsound which I and others have failed to
    > detect, then we're at risk of shipping a feature that is irretrievably
    > broken. That would really suck.
    
    IMHO it totally worth shipping such long-waited feature sooner than later.
    Yes, it is a complex one, but you started advertising it since last January already, so people should already be able to play with it in Beta.
    
    And as you mentioned in your blog about the evergreen backup:
    
    > But if you're anything like me, you'll already see that this arrangement
    > has two serious weaknesses. First, if there are any data-corrupting bugs
    > in pg_combinebackup or any of the server-side code that supports
    > incremental backup, this approach could get you into big trouble.
    
    At some point, the only way to really validate a backup is to actually try to restore it.
    And if people get encouraged to do that faster thanks to incremental backups, they could detect potential issues sooner.
    Ultimately, users will still need their full backups and WAL archives.
    If pg_combinebackup fails for any reason, the fix will be to perform the recovery from the full backup directly.
    They still should be able to recover, just slower.
    
    --
    Stefan FERCOT
    Data Egret (https://dataegret.com)
    
    
    
    
  14. Re: post-freeze damage control

    Alvaro Herrera <alvherre@alvh.no-ip.org> — 2024-04-09T15:45:45Z

    On 2024-Apr-09, Stefan Fercot wrote:
    
    > At some point, the only way to really validate a backup is to actually try to restore it.
    > And if people get encouraged to do that faster thanks to incremental backups, they could detect potential issues sooner.
    > Ultimately, users will still need their full backups and WAL archives.
    > If pg_combinebackup fails for any reason, the fix will be to perform the recovery from the full backup directly.
    > They still should be able to recover, just slower.
    
    I completely agree that people should be testing the feature so that we
    can fix any bugs as soon as possible.  However, if my understanding is
    correct, restoring a full backup plus an incremental no longer needs the
    intervening WAL up to the incremental.  Users wishing to save some disk
    space might be tempted to delete that WAL.  If they do, and later it
    turns out that the full+incremental cannot be restored for whatever
    reason, they are in danger.
    
    But you're right that if they don't delete that WAL, then the full is
    restorable on its own.
    
    Maybe we should explicitly advise users to not delete that WAL from
    their archives, until pg_combinebackup is hammered a bit more.
    
    -- 
    Álvaro Herrera        Breisgau, Deutschland  —  https://www.EnterpriseDB.com/
    "I must say, I am absolutely impressed with what pgsql's implementation of
    VALUES allows me to do. It's kind of ridiculous how much "work" goes away in
    my code.  Too bad I can't do this at work (Oracle 8/9)."       (Tom Allison)
               http://archives.postgresql.org/pgsql-general/2007-06/msg00016.php
    
    
    
    
  15. Re: post-freeze damage control

    Andrey Borodin <x4mmm@yandex-team.ru> — 2024-04-09T15:59:54Z

    
    > On 9 Apr 2024, at 18:45, Alvaro Herrera <alvherre@alvh.no-ip.org> wrote:
    > 
    > Maybe we should explicitly advise users to not delete that WAL from
    > their archives, until pg_combinebackup is hammered a bit more.
    
    As a backup tool maintainer, I always reference to out-of-the box Postgres tools as some bulletproof alternative.
    I really would like to stick to this reputation and not discredit these tools.
    
    
    Best regards, Andrey Borodin.
    
    
    
  16. Re: post-freeze damage control

    Peter Geoghegan <pg@bowt.ie> — 2024-04-09T16:12:36Z

    On Mon, Apr 8, 2024 at 10:12 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
    > I don't know that I'd call it scary exactly, but I do think it
    > was premature.  A week ago there was no consensus that it was
    > ready to commit, but Alexander pushed it (or half of it, anyway)
    > despite that.
    
    Some of the most compelling cases for the transformation will involve
    path keys. If the transformation enables the optimizer to build a
    plain index scan (or index-only scan) with useful path keys, then that
    might well lead to a far superior plan compared to what's possible
    with BitmapOrs.
    
    I understand that it'll still be possible to use OR expression
    evaluation in such cases, without applying the transformation (via
    filter quals), so in principle you don't need the transformation to
    get an index scan that can (say) terminate the scan early due to the
    presence of an "ORDER BY ... LIMIT n". But I suspect that that won't
    work out much of the time, because the planner will believe (rightly
    or wrongly) that the filter quals will incur too many heap page
    accesses.
    
    Another problem (at least as I see it) with the new
    or_to_any_transform_limit GUC is that its design seems to have nothing
    to say about the importance of these sorts of cases. Most of these
    cases will only have 2 or 3 constants, just because that's what's most
    common in general.
    
    -- 
    Peter Geoghegan
    
    
    
    
  17. Re: post-freeze damage control

    Tom Lane <tgl@sss.pgh.pa.us> — 2024-04-09T16:27:22Z

    Peter Geoghegan <pg@bowt.ie> writes:
    > On Mon, Apr 8, 2024 at 10:12 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
    >> I don't know that I'd call it scary exactly, but I do think it
    >> was premature.  A week ago there was no consensus that it was
    >> ready to commit, but Alexander pushed it (or half of it, anyway)
    >> despite that.
    
    > Some of the most compelling cases for the transformation will involve
    > path keys. If the transformation enables the optimizer to build a
    > plain index scan (or index-only scan) with useful path keys, then that
    > might well lead to a far superior plan compared to what's possible
    > with BitmapOrs.
    
    I did not say it isn't a useful thing to have.  I said the patch
    did not appear ready to go in.
    
    > I understand that it'll still be possible to use OR expression
    > evaluation in such cases, without applying the transformation (via
    > filter quals), so in principle you don't need the transformation to
    > get an index scan that can (say) terminate the scan early due to the
    > presence of an "ORDER BY ... LIMIT n". But I suspect that that won't
    > work out much of the time, because the planner will believe (rightly
    > or wrongly) that the filter quals will incur too many heap page
    > accesses.
    
    That's probably related to the fact that we don't have a mechanism
    for evaluating non-indexed quals against columns that are retrievable
    from the index.  We really oughta work on getting that done.  But
    I've been keeping a side eye on the work to unify plain and index-only
    scans, because that's going to touch a lot of the same code so it
    doesn't seem profitable to pursue those goals in parallel.
    
    > Another problem (at least as I see it) with the new
    > or_to_any_transform_limit GUC is that its design seems to have nothing
    > to say about the importance of these sorts of cases. Most of these
    > cases will only have 2 or 3 constants, just because that's what's most
    > common in general.
    
    Yeah, that's one of the reasons I'm dubious that the committed
    patch was ready.
    
    			regards, tom lane
    
    
    
    
  18. Re: post-freeze damage control

    Peter Geoghegan <pg@bowt.ie> — 2024-04-09T16:40:28Z

    On Tue, Apr 9, 2024 at 12:27 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
    > > Some of the most compelling cases for the transformation will involve
    > > path keys. If the transformation enables the optimizer to build a
    > > plain index scan (or index-only scan) with useful path keys, then that
    > > might well lead to a far superior plan compared to what's possible
    > > with BitmapOrs.
    >
    > I did not say it isn't a useful thing to have.  I said the patch
    > did not appear ready to go in.
    
    Didn't mean to suggest otherwise. I just wanted to hear your thoughts
    on this aspect of these sorts of transformations.
    
    > > I understand that it'll still be possible to use OR expression
    > > evaluation in such cases, without applying the transformation (via
    > > filter quals), so in principle you don't need the transformation to
    > > get an index scan that can (say) terminate the scan early due to the
    > > presence of an "ORDER BY ... LIMIT n". But I suspect that that won't
    > > work out much of the time, because the planner will believe (rightly
    > > or wrongly) that the filter quals will incur too many heap page
    > > accesses.
    >
    > That's probably related to the fact that we don't have a mechanism
    > for evaluating non-indexed quals against columns that are retrievable
    > from the index.  We really oughta work on getting that done.
    
    I agree that that is very important work, but I'm not sure that it
    makes all that much difference here. Even if we had that improved
    mechanism already, today, using index quals would still be strictly
    better than expression evaluation. Index quals can allow nbtree to
    skip over irrelevant parts of the index as the need arises, which is a
    significant advantage in its own right.
    
    ISTM that the planner should always prefer index quals over expression
    evaluation, on general principle, even when there's no reason to think
    it'll work out. At worst the executor has essentially the same
    physical access patterns as the expression evaluation case. On the
    other hand, providing nbtree with that context might end up being a
    great deal faster.
    
    -- 
    Peter Geoghegan
    
    
    
    
  19. Re: post-freeze damage control

    Alexander Korotkov <aekorotkov@gmail.com> — 2024-04-09T19:14:35Z

    On Tue, Apr 9, 2024 at 8:55 AM Tom Lane <tgl@sss.pgh.pa.us> wrote:
    > Andrei Lepikhov <a.lepikhov@postgrespro.ru> writes:
    > > On 9/4/2024 09:12, Tom Lane wrote:
    > >> I have another one that I'm not terribly happy about:
    > >> Author: Alexander Korotkov <akorotkov@postgresql.org>
    > >> Branch: master [72bd38cc9] 2024-04-08 01:27:52 +0300
    > >>     Transform OR clauses to ANY expression
    >
    > >> * What the medical community would call off-label usage of
    > >> query jumbling.  I'm not sure this is even correct as-used,
    > >> and for sure it's using that code for something never intended.
    > >> Nor is the added code adequately (as in, at all) documented.
    >
    > > I agree with documentation and disagree with critics on the expression
    > > jumbling. It was introduced in the core. Why don't we allow it to be
    > > used to speed up machinery with some hashing?
    >
    > I would back up from that a good deal: why do we need to hash here in
    > the first place?  There's no evidence I'm aware of that it's needful
    > from a performance standpoint.
    
    I think the feature is aimed to deal with large OR lists.  I've seen a
    significant degradation on 10000 or-clause-groups.  That might seem
    like awfully a lot, but actually it's not unachievable in generated
    queries.
    
    Links.
    1. https://www.postgresql.org/message-id/CAPpHfduJtO0s9E%3DSHUTzrCD88BH0eik0UNog1_q3XBF2wLmH6g%40mail.gmail.com
    
    ------
    Regards,
    Alexander Korotkov
    
    
    
    
  20. Re: post-freeze damage control

    Alexander Korotkov <aekorotkov@gmail.com> — 2024-04-09T19:47:37Z

    On Tue, Apr 9, 2024 at 5:12 AM Tom Lane <tgl@sss.pgh.pa.us> wrote:
    > * OrClauseGroupKey is not a Node type, so why does it have
    > a NodeTag?  I wonder what value will appear in that field,
    > and what will happen if the struct is passed to any code
    > that expects real Nodes.
    
    I used that to put both not-subject-of-transform nodes together with
    hash entries into the same list.  This is used to save the order of
    clauses.  I think this is an important property, and I have already
    expressed it in [1].  That could be achieved without adding NodeTag to
    hash entries, but that would require a level of indirection.  It's not
    passed to code that expects real Nodes, it doesn't go to anything
    except lists.
    
    Links.
    1. https://www.postgresql.org/message-id/CAPpHfdutHt31sdt2rfU%3D4fsDMWxf6tvtnHARgCzLY2Tf21%2Bfgw%40mail.gmail.com
    
    ------
    Regards,
    Alexander Korotkov
    
    
    
    
  21. Re: post-freeze damage control

    Alexander Korotkov <aekorotkov@gmail.com> — 2024-04-09T20:07:56Z

    On Tue, Apr 9, 2024 at 8:37 AM Andrei Lepikhov
    <a.lepikhov@postgrespro.ru> wrote:
    > On 9/4/2024 09:12, Tom Lane wrote:
    > > I have another one that I'm not terribly happy about:
    > >
    > >      Author: Alexander Korotkov <akorotkov@postgresql.org>
    > >      Branch: master [72bd38cc9] 2024-04-08 01:27:52 +0300
    > >
    > >          Transform OR clauses to ANY expression
    > Because I'm primary author of the idea, let me answer.
    > >
    > > I don't know that I'd call it scary exactly, but I do think it
    > > was premature.  A week ago there was no consensus that it was
    > > ready to commit, but Alexander pushed it (or half of it, anyway)
    > > despite that.  A few concrete concerns:
    > >
    > > * Yet another planner GUC.  Do we really need or want that?
    > It is the most interesting question here. Looking around planner
    > features designed but not applied for the same reason because they can
    > produce suboptimal plans in corner cases, I think about inventing
    > flag-type parameters and hiding some features that work better for
    > different load types under such flagged parameters.
    
    Yes, I have spotted this transformation could cause a bitmap scan plan
    regressions in [1] and [2].  Fixing that required to treat ANY the
    same as OR for bitmap scans.  Andrei implemented that in [3], but that
    increases planning complexity and elimitates significant part of the
    advantages of OR-to-ANY transformation.
    
    Links.
    1. https://www.postgresql.org/message-id/CAPpHfduJtO0s9E%3DSHUTzrCD88BH0eik0UNog1_q3XBF2wLmH6g%40mail.gmail.com
    2. https://www.postgresql.org/message-id/CAPpHfdtSXxhdv3mLOLjEewGeXJ%2BFtfhjqodn1WWuq5JLsKx48g%40mail.gmail.com
    3. https://www.postgresql.org/message-id/6d27d752-db0b-4cac-9843-6ba3dd7a1e94%40postgrespro.ru
    
    ------
    Regards,
    Alexander Korotkov
    
    
    
    
  22. Re: post-freeze damage control

    Alexander Korotkov <aekorotkov@gmail.com> — 2024-04-09T20:23:16Z

    On Tue, Apr 9, 2024 at 7:27 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
    > Peter Geoghegan <pg@bowt.ie> writes:
    > > On Mon, Apr 8, 2024 at 10:12 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
    > >> I don't know that I'd call it scary exactly, but I do think it
    > >> was premature.  A week ago there was no consensus that it was
    > >> ready to commit, but Alexander pushed it (or half of it, anyway)
    > >> despite that.
    >
    > > Some of the most compelling cases for the transformation will involve
    > > path keys. If the transformation enables the optimizer to build a
    > > plain index scan (or index-only scan) with useful path keys, then that
    > > might well lead to a far superior plan compared to what's possible
    > > with BitmapOrs.
    >
    > I did not say it isn't a useful thing to have.  I said the patch
    > did not appear ready to go in.
    >
    > > I understand that it'll still be possible to use OR expression
    > > evaluation in such cases, without applying the transformation (via
    > > filter quals), so in principle you don't need the transformation to
    > > get an index scan that can (say) terminate the scan early due to the
    > > presence of an "ORDER BY ... LIMIT n". But I suspect that that won't
    > > work out much of the time, because the planner will believe (rightly
    > > or wrongly) that the filter quals will incur too many heap page
    > > accesses.
    >
    > That's probably related to the fact that we don't have a mechanism
    > for evaluating non-indexed quals against columns that are retrievable
    > from the index.  We really oughta work on getting that done.  But
    > I've been keeping a side eye on the work to unify plain and index-only
    > scans, because that's going to touch a lot of the same code so it
    > doesn't seem profitable to pursue those goals in parallel.
    >
    > > Another problem (at least as I see it) with the new
    > > or_to_any_transform_limit GUC is that its design seems to have nothing
    > > to say about the importance of these sorts of cases. Most of these
    > > cases will only have 2 or 3 constants, just because that's what's most
    > > common in general.
    >
    > Yeah, that's one of the reasons I'm dubious that the committed
    > patch was ready.
    
    While inventing this GUC, I was thinking more about avoiding
    regressions rather than about unleashing the full power of this
    optimization.  But now I see that that wasn't good enough.  And it was
    definitely hasty to commit to this shape.  I apologize for this.
    
    Tom, I think you are way more experienced in this codebase than me.
    And, probably more importantly, more experienced in making decisions
    for planner development.  If you see some way forward to polish this
    post-commit, Andrei and I are ready to work hard on this with you.  If
    you don't see (or don't think that's good), let's revert this.
    
    ------
    Regards,
    Alexander Korotkov
    
    
    
    
  23. Re: post-freeze damage control

    Tom Lane <tgl@sss.pgh.pa.us> — 2024-04-09T20:37:31Z

    Alexander Korotkov <aekorotkov@gmail.com> writes:
    > On Tue, Apr 9, 2024 at 5:12 AM Tom Lane <tgl@sss.pgh.pa.us> wrote:
    >> * OrClauseGroupKey is not a Node type, so why does it have
    >> a NodeTag?  I wonder what value will appear in that field,
    >> and what will happen if the struct is passed to any code
    >> that expects real Nodes.
    
    > I used that to put both not-subject-of-transform nodes together with
    > hash entries into the same list.  This is used to save the order of
    > clauses.  I think this is an important property, and I have already
    > expressed it in [1].
    
    What exactly is the point of having a NodeTag in the struct though?
    If you don't need it to be a valid Node, that seems pointless and
    confusing.  We certainly have plenty of other lists that contain
    plain structs without tags, so I don't buy that the List
    infrastructure is making you do that.
    
    			regards, tom lane
    
    
    
    
  24. Re: post-freeze damage control

    Tom Lane <tgl@sss.pgh.pa.us> — 2024-04-09T20:42:14Z

    Alexander Korotkov <aekorotkov@gmail.com> writes:
    > On Tue, Apr 9, 2024 at 7:27 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
    >> Yeah, that's one of the reasons I'm dubious that the committed
    >> patch was ready.
    
    > While inventing this GUC, I was thinking more about avoiding
    > regressions rather than about unleashing the full power of this
    > optimization.  But now I see that that wasn't good enough.  And it was
    > definitely hasty to commit to this shape.  I apologize for this.
    
    > Tom, I think you are way more experienced in this codebase than me.
    > And, probably more importantly, more experienced in making decisions
    > for planner development.  If you see some way forward to polish this
    > post-commit, Andrei and I are ready to work hard on this with you.  If
    > you don't see (or don't think that's good), let's revert this.
    
    It wasn't ready to commit, and I think trying to fix it up post
    feature freeze isn't appropriate project management.  Let's revert
    it and work on it more in the v18 time frame.
    
    			regards, tom lane
    
    
    
    
  25. Re: post-freeze damage control

    Alexander Korotkov <aekorotkov@gmail.com> — 2024-04-09T20:48:12Z

    On Tue, Apr 9, 2024 at 11:37 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
    > Alexander Korotkov <aekorotkov@gmail.com> writes:
    > > On Tue, Apr 9, 2024 at 5:12 AM Tom Lane <tgl@sss.pgh.pa.us> wrote:
    > >> * OrClauseGroupKey is not a Node type, so why does it have
    > >> a NodeTag?  I wonder what value will appear in that field,
    > >> and what will happen if the struct is passed to any code
    > >> that expects real Nodes.
    >
    > > I used that to put both not-subject-of-transform nodes together with
    > > hash entries into the same list.  This is used to save the order of
    > > clauses.  I think this is an important property, and I have already
    > > expressed it in [1].
    >
    > What exactly is the point of having a NodeTag in the struct though?
    > If you don't need it to be a valid Node, that seems pointless and
    > confusing.  We certainly have plenty of other lists that contain
    > plain structs without tags, so I don't buy that the List
    > infrastructure is making you do that.
    
    This code mixes Expr's and hash entries in the single list.  The point
    of having a NodeTag in the struct is the ability to distinguish them
    later.
    
    ------
    Regards,
    Alexander Korotkov
    
    
    
    
  26. Re: post-freeze damage control

    Alexander Korotkov <aekorotkov@gmail.com> — 2024-04-09T20:49:43Z

    On Tue, Apr 9, 2024 at 11:42 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
    > Alexander Korotkov <aekorotkov@gmail.com> writes:
    > > On Tue, Apr 9, 2024 at 7:27 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
    > >> Yeah, that's one of the reasons I'm dubious that the committed
    > >> patch was ready.
    >
    > > While inventing this GUC, I was thinking more about avoiding
    > > regressions rather than about unleashing the full power of this
    > > optimization.  But now I see that that wasn't good enough.  And it was
    > > definitely hasty to commit to this shape.  I apologize for this.
    >
    > > Tom, I think you are way more experienced in this codebase than me.
    > > And, probably more importantly, more experienced in making decisions
    > > for planner development.  If you see some way forward to polish this
    > > post-commit, Andrei and I are ready to work hard on this with you.  If
    > > you don't see (or don't think that's good), let's revert this.
    >
    > It wasn't ready to commit, and I think trying to fix it up post
    > feature freeze isn't appropriate project management.  Let's revert
    > it and work on it more in the v18 time frame.
    
    Ok, let's do this.  I'd like to hear from you some directions for
    further development of this patch if possible.
    
    ------
    Regards,
    Alexander Korotkov
    
    
    
    
  27. Re: post-freeze damage control

    Tom Lane <tgl@sss.pgh.pa.us> — 2024-04-09T21:05:02Z

    Alexander Korotkov <aekorotkov@gmail.com> writes:
    > On Tue, Apr 9, 2024 at 11:37 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
    >> What exactly is the point of having a NodeTag in the struct though?
    >> If you don't need it to be a valid Node, that seems pointless and
    >> confusing.  We certainly have plenty of other lists that contain
    >> plain structs without tags, so I don't buy that the List
    >> infrastructure is making you do that.
    
    > This code mixes Expr's and hash entries in the single list.  The point
    > of having a NodeTag in the struct is the ability to distinguish them
    > later.
    
    If you're doing that, it really really ought to be a proper Node.
    If nothing else, that would aid debugging by allowing the list
    to be pprint'ed.
    
    			regards, tom lane
    
    
    
    
  28. Re: post-freeze damage control

    David Steele <david@pgmasters.net> — 2024-04-09T23:29:38Z

    On 4/10/24 01:59, Andrey M. Borodin wrote:
    > 
    >> On 9 Apr 2024, at 18:45, Alvaro Herrera <alvherre@alvh.no-ip.org> wrote:
    >>
    >> Maybe we should explicitly advise users to not delete that WAL from
    >> their archives, until pg_combinebackup is hammered a bit more.
    > 
    > As a backup tool maintainer, I always reference to out-of-the box Postgres tools as some bulletproof alternative.
    > I really would like to stick to this reputation and not discredit these tools.
    
    +1.
    
    Even so, only keeping WAL for the last backup is a dangerous move in any 
    case. Lots of things can happen to a backup (other than bugs in the 
    software) so keeping WAL back to the last full (or for all backups) is 
    always an excellent idea.
    
    Regards,
    -David
    
    
    
    
  29. Re: post-freeze damage control

    Michael Paquier <michael@paquier.xyz> — 2024-04-09T23:50:56Z

    On Wed, Apr 10, 2024 at 09:29:38AM +1000, David Steele wrote:
    > Even so, only keeping WAL for the last backup is a dangerous move in any
    > case. Lots of things can happen to a backup (other than bugs in the
    > software) so keeping WAL back to the last full (or for all backups) is
    > always an excellent idea.
    
    Yeah, that's an excellent practive, but is why I'm less worried for
    this feature.  The docs at [1] caution about "not to remove earlier
    backups if they might be needed when restoring later incremental
    backups".  Like Alvaro said, should we insist a bit more about the WAL
    retention part in this section of the docs, down to the last full
    backup?
    
    [1]: https://www.postgresql.org/docs/devel/continuous-archiving.html#BACKUP-INCREMENTAL-BACKUP
    --
    Michael
    
  30. Re: post-freeze damage control

    John Naylor <johncnaylorls@gmail.com> — 2024-04-10T01:49:38Z

    On Tue, Apr 9, 2024 at 2:47 AM Robert Haas <robertmhaas@gmail.com> wrote:
    >
    > - I'm slightly worried about the TID store work (ee1b30f12, 30e144287,
    > 667e65aac35), perhaps for no reason. Actually, the results seem really
    > impressive,
    
    First, thanks for the complement. I actually suspect if we had this
    years ago, it might never have occurred to anyone to go through the
    trouble of adding parallel index cleanup.
    
    In a funny way, it's almost too effective -- the claim is that m_w_m
    over 1GB is perfectly usable, but I haven't been able to get anywere
    near that via vacuum (we have indirectly, via bespoke dev code,
    but...). I don't have easy access to hardware that can hold a table
    big enough to do so -- vacuuming 1 billion records stays under 400MB.
    
    > and a very quick look at some of the commits seemed kind
    > of reassuring. But, like the changes to pruning and freezing, this is
    > making some really fundamental changes to critical code. In this case,
    > it's code that has evolved very little over the years and seems to
    > have now evolved quite a lot.
    
    True. I'd say that at a high level, storage and retrieval of TIDs is a
    lot simpler conceptually than other aspects of vacuuming. The
    low-level guts are now much more complex, but I'm confident it won't
    just output a wrong answer. That aspect has been working for a long
    time, and when it has broken during development, it fails very quickly
    and obviously.
    
    The more challenging aspects are less cut-and-dried, like memory
    management, delegation of responsibility, how to expose locking (which
    vacuum doesn't even use), readability/maintainability. Those are more
    subjective, but it seems to have finally clicked into place in a way
    that feels like the right trade-offs have been made. That's hand-wavy,
    I realize.
    
    The more recent follow-up commits are pieces that were discussed and
    planned for earlier, but have had less review and were left out from
    the initial commits since they're not essential to the functionality.
    I judged that test coverage was enough to have confidence in them.
    
    On Tue, Apr 9, 2024 at 6:33 AM Michael Paquier <michael@paquier.xyz> wrote:
    >
    > This worries me less than other patches like the ones around heap
    > changes or the radix tree stuff for TID collection plugged into
    > vacuum, which don't have explicit on/off switches AFAIK.
    
    Yes, there is no switch. Interestingly enough, the previous item array
    ended up with its own escape hatch to tamp down its eager allocation,
    autovacuum_work_mem. Echoing what I said to Robert, if we had the new
    storage years ago, I doubt this GUC would ever have been proposed.
    
    I'll also mention the array is still in the code base, but only in a
    test module as a standard to test against. Hopefully that offers some
    reassurance.
    
    
    
    
  31. Re: post-freeze damage control

    Robert Haas <robertmhaas@gmail.com> — 2024-04-10T14:15:29Z

    On Tue, Apr 9, 2024 at 1:59 AM Peter Eisentraut <peter@eisentraut.org> wrote:
    > On 09.04.24 00:58, Michael Paquier wrote:
    > > That's more linked to the fact that I was going silent without a
    > > laptop for a few weeks before the end of the release cycle, and a way
    > > to say to not count on me, while I was trying to keep my room clean to
    > > avoid noise for others who would rush patches.  It is a vacation
    > > period for schools in Japan as the fiscal year finishes at the end of
    > > March, while the rest of the world still studies/works, so that makes
    > > trips much easier with areas being less busy when going abroad.  If
    > > you want to limit commit activity during this period, the answer is
    > > simple then: require that all the committers live in Japan.
    >
    > Well, due to the Easter holiday being earlier this year, I adopted a
    > similar approach: Go on vacation the last week of March and watch the
    > rest from the pool. :)  So far I feel this was better for my well-being.
    
    I usually aim to have my major work for the release code complete by
    approximately September and committed by December or January. Then if
    it slips, I still have a chance of finishing before the freeze, and if
    it doesn't, then I don't have to deal with the mad flurry of activity
    at the end, and perhaps there's even time for some follow-up work
    afterwards (as in the case of IB), or just time to review some other
    patches.
    
    -- 
    Robert Haas
    EDB: http://www.enterprisedb.com
    
    
    
    
  32. Re: post-freeze damage control

    Robert Haas <robertmhaas@gmail.com> — 2024-04-10T14:26:55Z

    On Mon, Apr 8, 2024 at 10:12 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
    > I have another one that I'm not terribly happy about:
    >
    >     Author: Alexander Korotkov <akorotkov@postgresql.org>
    >     Branch: master [72bd38cc9] 2024-04-08 01:27:52 +0300
    >
    >         Transform OR clauses to ANY expression
    
    I realize that this has been reverted now, but what's really
    frustrating about this case is that I reviewed this patch before and
    gave feedback similar to some of the feedback you gave, and it just
    didn't matter, and the patch was committed anyway.
    
    > I don't know that I'd call it scary exactly, but I do think it
    > was premature.  A week ago there was no consensus that it was
    > ready to commit, but Alexander pushed it (or half of it, anyway)
    > despite that.  A few concrete concerns:
    >
    > * Yet another planner GUC.  Do we really need or want that?
    
    IMHO, no, and I said so in
    https://www.postgresql.org/message-id/CA%2BTgmob%3DebuCHFSw327b55DJzE3JtOuZ5owxob%2BMgErb4me_Ag%40mail.gmail.com
    
    > * What the medical community would call off-label usage of
    > query jumbling.  I'm not sure this is even correct as-used,
    > and for sure it's using that code for something never intended.
    > Nor is the added code adequately (as in, at all) documented.
    
    And I raised this point here:
    https://www.postgresql.org/message-id/CA%2BTgmoZCgP6FrBQEusn4yaWm02XU8OPeoEMk91q7PRBgwaAkFw%40mail.gmail.com
    
    > * Patch refuses to group anything but Consts into the SAOP
    > transformation.  I realize that if you want to produce an
    > array Const you need Const inputs, but I wonder why it
    > wasn't considered to produce an ARRAY[] construct if there
    > are available clauses with pseudo-constant (eg Param)
    > comparison values.
    >
    > * I really, really dislike jamming this logic into prepqual.c,
    > where it has no business being.  I note that it was shoved
    > into process_duplicate_ors without even the courtesy of
    > expanding the header comment:
    >
    >  * process_duplicate_ors
    >  *        Given a list of exprs which are ORed together, try to apply
    >  *        the inverse OR distributive law.
    >
    > Another reason to think this wasn't a very well chosen place is
    > that the file's list of #include's went from 4 entries to 11.
    > Somebody should have twigged to the idea that this was off-topic
    > for prepqual.c.
    
    All of this seems like it might be related to my comments in the above
    email about the transformation being done too early.
    
    > * OrClauseGroupKey is not a Node type, so why does it have
    > a NodeTag?  I wonder what value will appear in that field,
    > and what will happen if the struct is passed to any code
    > that expects real Nodes.
    
    I don't think I raised this issue.
    
    > I could probably find some other nits if I spent more time
    > on it, but I think these are sufficient to show that this
    > was not commit-ready.
    
    Just imagine if someone had taken time to give similar feedback before
    the commit.
    
    -- 
    Robert Haas
    EDB: http://www.enterprisedb.com
    
    
    
    
  33. Re: post-freeze damage control

    David Steele <david@pgmasters.net> — 2024-04-10T23:36:11Z

    
    On 4/10/24 09:50, Michael Paquier wrote:
    > On Wed, Apr 10, 2024 at 09:29:38AM +1000, David Steele wrote:
    >> Even so, only keeping WAL for the last backup is a dangerous move in any
    >> case. Lots of things can happen to a backup (other than bugs in the
    >> software) so keeping WAL back to the last full (or for all backups) is
    >> always an excellent idea.
    > 
    > Yeah, that's an excellent practive, but is why I'm less worried for
    > this feature.  The docs at [1] caution about "not to remove earlier
    > backups if they might be needed when restoring later incremental
    > backups".  Like Alvaro said, should we insist a bit more about the WAL
    > retention part in this section of the docs, down to the last full
    > backup?
    
    I think that would make sense in general. But if we are doing it because 
    we lack confidence in the incremental backup feature maybe that's a sign 
    that the feature should be released as experimental (or not released at 
    all).
    
    Regards,
    -David
    
    
    
    
  34. Re: post-freeze damage control

    Tom Kincaid <tomjohnkincaid@gmail.com> — 2024-04-11T00:23:19Z

    >
    > > Yeah, that's an excellent practive, but is why I'm less worried for
    > > this feature.  The docs at [1] caution about "not to remove earlier
    > > backups if they might be needed when restoring later incremental
    > > backups".  Like Alvaro said, should we insist a bit more about the WAL
    > > retention part in this section of the docs, down to the last full
    > > backup?
    >
    > I think that would make sense in general. But if we are doing it because
    > we lack confidence in the incremental backup feature maybe that's a sign
    > that the feature should be released as experimental (or not released at
    > all).
    >
    >
    The extensive Beta process we have can be used to build confidence we need
    in a feature that has extensive review and currently has no known issues or
    outstanding objections.
    
    
    
    > Regards,
    > -David
    >
    >
    >
    
    -- 
    Thomas John Kincaid
    
  35. Re: post-freeze damage control

    David Steele <david@pgmasters.net> — 2024-04-11T01:52:00Z

    On 4/11/24 10:23, Tom Kincaid wrote:
    > 
    > The extensive Beta process we have can be used to build confidence we 
    > need in a feature that has extensive review and currently has no known 
    > issues or outstanding objections.
    
    I did have objections, here [1] and here [2]. I think the complexity, 
    space requirements, and likely performance issues involved in restores 
    are going to be a real problem for users. Some of these can be addressed 
    in future releases, but I can't escape the feeling that what we are 
    releasing here is half-baked.
    
    Also, there are outstanding issues here [3] and now here [4].
    
    Regards,
    -David
    
    [1] 
    https://www.postgresql.org/message-id/590e3017-da1f-4af6-9bf0-1679511ca7e5%40pgmasters.net
    [2] 
    https://www.postgresql.org/message-id/11b38a96-6ded-4668-b772-40f992132797%40pgmasters.net
    [3] 
    https://www.postgresql.org/message-id/flat/05fb32c9-18d8-4f72-9af3-f41576c33119%40pgmasters.net#bb04b896f0f0147c10cee944a1391c1e
    [4] 
    https://www.postgresql.org/message-id/flat/9badd24d-5bd9-4c35-ba85-4c38a2feb73e%40pgmasters.net
    
    
    
    
  36. Re: post-freeze damage control

    Tomas Vondra <tomas.vondra@enterprisedb.com> — 2024-04-11T10:26:38Z

    
    On 4/11/24 03:52, David Steele wrote:
    > On 4/11/24 10:23, Tom Kincaid wrote:
    >>
    >> The extensive Beta process we have can be used to build confidence we
    >> need in a feature that has extensive review and currently has no known
    >> issues or outstanding objections.
    > 
    > I did have objections, here [1] and here [2]. I think the complexity,
    > space requirements, and likely performance issues involved in restores
    > are going to be a real problem for users. Some of these can be addressed
    > in future releases, but I can't escape the feeling that what we are
    > releasing here is half-baked.
    > 
    
    I haven't been part of those discussions, and that part of the thread is
    a couple months old already, so I'll share my view here instead.
    
    I do not think it's half-baked. I certainly agree there are limitations,
    and there's all kinds of bells and whistles we could add, but I think
    the fundamental infrastructure is corrent and a meaningful step forward.
    Would I wish it to handle .tar for example? Sure I would. But I think
    it's something we can add in the future - if we require all of this to
    happen in a single release, it'll never happen.
    
    FWIW that discussion also mentions stuff that I think the feature should
    not do. In particular, I don't think the ambition was (or should be) to
    make pg_basebackup into a stand-alone tool. I always saw pg_basebackup
    more as an interface to "backup steps" correctly rather than a complete
    backup solution that'd manage backup registry, retention, etc.
    
    > Also, there are outstanding issues here [3] and now here [4].
    > 
    
    I agree with some of this, I'll respond in the threads.
    
    
    regards
    Tomas
    
    -- 
    Tomas Vondra
    EnterpriseDB: http://www.enterprisedb.com
    The Enterprise PostgreSQL Company
    
    
    
    
  37. Re: post-freeze damage control

    Alena Rybakina <lena.ribackina@yandex.ru> — 2024-04-11T14:12:29Z

    Hi!
    
    I also worked with this patch and until your explanation I didn’t fully 
    understand the reasons why it was wrong to have this implementation when 
    removing duplicate OR expressions.
    
    Thank you, now I understand it!
    
    I agree with explanation of Andrei Lepikhov regarding the fact that 
    there were difficulties in moving the patch to another place and
    the explanation of Alexander Korotkov and Peter Geoghegan regarding the 
    need to apply this transformation.
    
    Let me just add that initially this patch tried to solve a problem where 
    50,000 OR expressions were generated and
    there was a problem running that query using a plan with BitmapScan. I 
    wrote more about this here [0].
    
    If the patch can be improved and you can tell me how, because I don’t 
    quite understand how to do it yet, to be honest, then I’ll be happy to 
    work on it too.
    
    [0] 
    https://www.postgresql.org/message-id/052172e4-6d75-8069-3179-26de339dca03%40postgrespro.ru
    
    -- 
    Regards,
    Alena Rybakina
    Postgres Professional: http://www.postgrespro.com
    The Russian Postgres Company
    
    
    
    
    
  38. Re: post-freeze damage control

    David Steele <david@pgmasters.net> — 2024-04-11T21:48:12Z

    On 4/11/24 20:26, Tomas Vondra wrote:
    > 
    > On 4/11/24 03:52, David Steele wrote:
    >> On 4/11/24 10:23, Tom Kincaid wrote:
    >>>
    >>> The extensive Beta process we have can be used to build confidence we
    >>> need in a feature that has extensive review and currently has no known
    >>> issues or outstanding objections.
    >>
    >> I did have objections, here [1] and here [2]. I think the complexity,
    >> space requirements, and likely performance issues involved in restores
    >> are going to be a real problem for users. Some of these can be addressed
    >> in future releases, but I can't escape the feeling that what we are
    >> releasing here is half-baked.
    > 
    > I haven't been part of those discussions, and that part of the thread is
    > a couple months old already, so I'll share my view here instead.
    > 
    > I do not think it's half-baked. I certainly agree there are limitations,
    > and there's all kinds of bells and whistles we could add, but I think
    > the fundamental infrastructure is corrent and a meaningful step forward.
    > Would I wish it to handle .tar for example? Sure I would. But I think
    > it's something we can add in the future - if we require all of this to
    > happen in a single release, it'll never happen.
    
    Fair enough, but the current release is extremely limited and it would 
    be best if that was well understood by users.
    
    > FWIW that discussion also mentions stuff that I think the feature should
    > not do. In particular, I don't think the ambition was (or should be) to
    > make pg_basebackup into a stand-alone tool. I always saw pg_basebackup
    > more as an interface to "backup steps" correctly rather than a complete
    > backup solution that'd manage backup registry, retention, etc.
    
    Right -- this is exactly my issue. pg_basebackup was never easy to use 
    as a backup solution and this feature makes it significantly more 
    complicated. Complicated enough that it would be extremely difficult for 
    most users to utilize in a meaningful way.
    
    But they'll try because it is a new pg_basebackup feature and they'll 
    assume it is there to be used. Maybe it would be a good idea to make it 
    clear in the documentation that significant tooling will be required to 
    make it work.
    
    Regards,
    -David
    
    
    
    
  39. Re: post-freeze damage control

    Robert Haas <robertmhaas@gmail.com> — 2024-04-12T02:15:27Z

    On Thu, Apr 11, 2024 at 5:48 PM David Steele <david@pgmasters.net> wrote:
    > But they'll try because it is a new pg_basebackup feature and they'll
    > assume it is there to be used. Maybe it would be a good idea to make it
    > clear in the documentation that significant tooling will be required to
    > make it work.
    
    I don't agree with that idea. LOTS of what we ship takes a significant
    amount of effort to make it work. You may well need a connection
    pooler. You may well need a failover manager which may or may not be
    separate from your connection pooler. You need a backup tool. You need
    a replication management tool which may or may not be separate from
    your backup tool and may or may not be separate from your failover
    tool. You probably need various out-of-core connections for the
    programming languages you need. You may need a management tool, and
    you probably need a monitoring tool. Some of the tools you might
    choose to do all that stuff themselves have a whole bunch of complex
    dependencies. It's a mess.
    
    Now, if someone were to say that we ought to talk about these issues
    in our documentation and maybe give people some ideas about how to get
    started, I would likely be in favor of that, modulo the small
    political problem that various people would want their solution to be
    the canonical one to which everyone gets referred. But I think it's
    wrong to pretend like this feature is somehow special, that it's
    somehow more raw or unfinished than tons of other things. I actually
    think it's significantly *better* than a lot of other things. If we
    add a disclaimer to the documentation saying "hey, this new
    incremental backup feature is half-finished garbage!", and meanwhile
    the documentation still says "hey, you can use cp as your
    archive_command," then we have completely lost our minds.
    
    I also think that you're being more negative about this than the facts
    justify. As I said to several colleagues today, I *fully* acknowledge
    that you have a lot more practical experience in this area than I do,
    and a bunch of good ideas. I was really pleased to see you talking
    about how it would be good if these tools worked on tar files - and I
    completely agree, and I hope that will happen, and I hope to help in
    making that happen. I think there are a bunch of other problems too,
    only some of which I can guess at. However, I think saying that this
    feature is not realistically intended to be used by end-users or that
    they will not be able to do so is over the top, and is actually kind
    of insulting. There has been more enthusiasm for this feature on this
    mailing list and elsewhere than I've gotten for anything I've
    developed in years. And I don't think that's because all of the people
    who have expressed enthusiasm are silly geese who don't understand how
    terrible it is.
    
    -- 
    Robert Haas
    EDB: http://www.enterprisedb.com
    
    
    
    
  40. Re: post-freeze damage control

    David Steele <david@pgmasters.net> — 2024-04-12T03:11:09Z

    
    On 4/12/24 12:15, Robert Haas wrote:
    > On Thu, Apr 11, 2024 at 5:48 PM David Steele <david@pgmasters.net> wrote:
    >> But they'll try because it is a new pg_basebackup feature and they'll
    >> assume it is there to be used. Maybe it would be a good idea to make it
    >> clear in the documentation that significant tooling will be required to
    >> make it work.
    > 
    > I don't agree with that idea. LOTS of what we ship takes a significant
    > amount of effort to make it work. You may well need a connection
    > pooler. You may well need a failover manager which may or may not be
    > separate from your connection pooler. You need a backup tool. You need
    > a replication management tool which may or may not be separate from
    > your backup tool and may or may not be separate from your failover
    > tool. You probably need various out-of-core connections for the
    > programming languages you need. You may need a management tool, and
    > you probably need a monitoring tool. Some of the tools you might
    > choose to do all that stuff themselves have a whole bunch of complex
    > dependencies. It's a mess.
    
    The difference here is you *can* use Postgres without a connection 
    pooler (I have many times) or failover (if downtime is acceptable) but 
    most people would agree that you really *need* backup.
    
    The backup tool should be clear and easy to use or misery will 
    inevitably result. pg_basebackup is difficult enough to use and automate 
    because it has no notion of a repository, no expiration, and no WAL 
    handling just to name a few things. Now there is an even more advanced 
    feature that is even harder to use. So, no, I really don't think this 
    feature is practically usable by the vast majority of end users.
    
    > Now, if someone were to say that we ought to talk about these issues
    > in our documentation and maybe give people some ideas about how to get
    > started, I would likely be in favor of that, modulo the small
    > political problem that various people would want their solution to be
    > the canonical one to which everyone gets referred. But I think it's
    > wrong to pretend like this feature is somehow special, that it's
    > somehow more raw or unfinished than tons of other things. I actually
    > think it's significantly *better* than a lot of other things. If we
    > add a disclaimer to the documentation saying "hey, this new
    > incremental backup feature is half-finished garbage!", and meanwhile
    > the documentation still says "hey, you can use cp as your
    > archive_command," then we have completely lost our minds.
    
    Fair point on cp, but that just points to an overall lack in our 
    documentation and built-in backup/recovery tools in general.
    
    > I also think that you're being more negative about this than the facts
    > justify. As I said to several colleagues today, I *fully* acknowledge
    > that you have a lot more practical experience in this area than I do,
    > and a bunch of good ideas. I was really pleased to see you talking
    > about how it would be good if these tools worked on tar files - and I
    > completely agree, and I hope that will happen, and I hope to help in
    > making that happen. I think there are a bunch of other problems too,
    > only some of which I can guess at. However, I think saying that this
    > feature is not realistically intended to be used by end-users or that
    > they will not be able to do so is over the top, and is actually kind
    > of insulting. 
    
    It is not meant to be insulting, but I still believe it to be true. 
    After years of working with users on backup problems I think I have a 
    pretty good bead on what the vast majority of admins are capable of 
    and/or willing to do. Making this feature work is pretty high above that 
    bar.
    
    If the primary motivation is to provide a feature that can be integrated 
    with third party tools, as Tomas suggests, then I guess usability is 
    somewhat moot. But you are insisting that is not the case and I just 
    don't see it that way.
    
    > There has been more enthusiasm for this feature on this
    > mailing list and elsewhere than I've gotten for anything I've
    > developed in years. And I don't think that's because all of the people
    > who have expressed enthusiasm are silly geese who don't understand how
    > terrible it is.
    
    No doubt there is enthusiasm. It's a great feature to have. In 
    particular I think the WAL summarizer is cool. But I do think the 
    shortcomings are significant and that will become very apparent when 
    people start to implement. The last minute effort to add COW support is 
    an indication of problems that people will see in the field.
    
    Further, I do think some less that ideal design decisions were made. In 
    particular, I think sidelining manifests, i.e. making them optional, is 
    not a good choice. This has led directly to the issue we see in [1]. If 
    we require a manifest to make an incremental backup, why make it 
    optional for combine?
    
    This same design decision has led us to have "marker files" for 
    zero-length files and unchanged files, which just seems extremely 
    wasteful when these could be noted in the manifest. There are good 
    reasons for writing everything out in a full backup, but for an 
    incremental that can only be reconstructed using our tool the manifest 
    should be sufficient.
    
    Maybe all of this can be improved in a future release, along with tar 
    reading, but none of those potential future improvements help me to 
    believe that this is a user-friendly feature in this release.
    
    Regards,
    -David
    
    ---
    
    [1] 
    https://www.postgresql.org/message-id/flat/9badd24d-5bd9-4c35-ba85-4c38a2feb73e%40pgmasters.net
    
    
    
    
  41. Re: post-freeze damage control

    David Steele <david@pgmasters.net> — 2024-04-12T06:42:13Z

    On 4/11/24 20:26, Tomas Vondra wrote:
    > On 4/11/24 03:52, David Steele wrote:
    >> On 4/11/24 10:23, Tom Kincaid wrote:
    >>>
    >>> The extensive Beta process we have can be used to build confidence we
    >>> need in a feature that has extensive review and currently has no known
    >>> issues or outstanding objections.
    >>
    >> I did have objections, here [1] and here [2]. I think the complexity,
    >> space requirements, and likely performance issues involved in restores
    >> are going to be a real problem for users. Some of these can be addressed
    >> in future releases, but I can't escape the feeling that what we are
    >> releasing here is half-baked.
    >>
    > I do not think it's half-baked. I certainly agree there are limitations,
    > and there's all kinds of bells and whistles we could add, but I think
    > the fundamental infrastructure is corrent and a meaningful step forward.
    > Would I wish it to handle .tar for example? Sure I would. But I think
    > it's something we can add in the future - if we require all of this to
    > happen in a single release, it'll never happen.
    
    I'm not sure that I really buy this argument, anyway. It is not uncommon 
    for significant features to spend years in development before they are 
    committed. This feature went from first introduction to commit in just 
    over six months. Obviously Robert had been working on it for a while, 
    but for a feature this large six months is a sprint.
    
    Regards,
    -David
    
    
    
    
  42. Re: post-freeze damage control

    Tomas Vondra <tomas.vondra@enterprisedb.com> — 2024-04-12T12:12:34Z

    
    On 4/11/24 23:48, David Steele wrote:
    > On 4/11/24 20:26, Tomas Vondra wrote:
    >>
    >> On 4/11/24 03:52, David Steele wrote:
    >>> On 4/11/24 10:23, Tom Kincaid wrote:
    >>>>
    >>>> The extensive Beta process we have can be used to build confidence we
    >>>> need in a feature that has extensive review and currently has no known
    >>>> issues or outstanding objections.
    >>>
    >>> I did have objections, here [1] and here [2]. I think the complexity,
    >>> space requirements, and likely performance issues involved in restores
    >>> are going to be a real problem for users. Some of these can be addressed
    >>> in future releases, but I can't escape the feeling that what we are
    >>> releasing here is half-baked.
    >>
    >> I haven't been part of those discussions, and that part of the thread is
    >> a couple months old already, so I'll share my view here instead.
    >>
    >> I do not think it's half-baked. I certainly agree there are limitations,
    >> and there's all kinds of bells and whistles we could add, but I think
    >> the fundamental infrastructure is corrent and a meaningful step forward.
    >> Would I wish it to handle .tar for example? Sure I would. But I think
    >> it's something we can add in the future - if we require all of this to
    >> happen in a single release, it'll never happen.
    > 
    > Fair enough, but the current release is extremely limited and it would
    > be best if that was well understood by users.
    > 
    >> FWIW that discussion also mentions stuff that I think the feature should
    >> not do. In particular, I don't think the ambition was (or should be) to
    >> make pg_basebackup into a stand-alone tool. I always saw pg_basebackup
    >> more as an interface to "backup steps" correctly rather than a complete
    >> backup solution that'd manage backup registry, retention, etc.
    > 
    > Right -- this is exactly my issue. pg_basebackup was never easy to use
    > as a backup solution and this feature makes it significantly more
    > complicated. Complicated enough that it would be extremely difficult for
    > most users to utilize in a meaningful way.
    > 
    
    Perhaps, I agree we could/should try to do better job to do backups, no
    argument there. But I still don't quite see why introducing such
    infrastructure to "manage backups" should be up to the patch adding
    incremental backups. I see it as something to build on top of
    pg_basebackup/pg_combinebackup, not into those tools.
    
    > But they'll try because it is a new pg_basebackup feature and they'll
    > assume it is there to be used. Maybe it would be a good idea to make it
    > clear in the documentation that significant tooling will be required to
    > make it work.
    > 
    
    Sure, I'm not against making it clearer pg_combinebackup is not a
    complete backup solution, and documenting the existing restrictions.
    
    
    regards
    
    -- 
    Tomas Vondra
    EnterpriseDB: http://www.enterprisedb.com
    The Enterprise PostgreSQL Company
    
    
    
    
  43. Re: post-freeze damage control

    Tomas Vondra <tomas.vondra@enterprisedb.com> — 2024-04-12T12:27:16Z

    
    On 4/12/24 08:42, David Steele wrote:
    > On 4/11/24 20:26, Tomas Vondra wrote:
    >> On 4/11/24 03:52, David Steele wrote:
    >>> On 4/11/24 10:23, Tom Kincaid wrote:
    >>>>
    >>>> The extensive Beta process we have can be used to build confidence we
    >>>> need in a feature that has extensive review and currently has no known
    >>>> issues or outstanding objections.
    >>>
    >>> I did have objections, here [1] and here [2]. I think the complexity,
    >>> space requirements, and likely performance issues involved in restores
    >>> are going to be a real problem for users. Some of these can be addressed
    >>> in future releases, but I can't escape the feeling that what we are
    >>> releasing here is half-baked.
    >>>
    >> I do not think it's half-baked. I certainly agree there are limitations,
    >> and there's all kinds of bells and whistles we could add, but I think
    >> the fundamental infrastructure is corrent and a meaningful step forward.
    >> Would I wish it to handle .tar for example? Sure I would. But I think
    >> it's something we can add in the future - if we require all of this to
    >> happen in a single release, it'll never happen.
    > 
    > I'm not sure that I really buy this argument, anyway. It is not uncommon
    > for significant features to spend years in development before they are
    > committed. This feature went from first introduction to commit in just
    > over six months. Obviously Robert had been working on it for a while,
    > but for a feature this large six months is a sprint.
    > 
    
    Sure, but it's also not uncommon for significant features to be
    developed incrementally, over multiple releases, introducing the basic
    infrastructure first, and then expanding the capabilities later. I'd
    cite logical decoding/replication and parallel query as examples of this
    approach.
    
    It's possible there's some fundamental flaw in the WAL summarization?
    Sure, I can't rule that out, although I find it unlikely. Could there be
    bugs? Sure, that's possible, but that applies to all code.
    
    But it seems to me all the comments are about the client side, not about
    the infrastructure. Which is fair, I certainly agree it'd be nice to
    handle more use cases with less effort, but I still think the patch is a
    meaningful step forward.
    
    
    regards
    
    -- 
    Tomas Vondra
    EnterpriseDB: http://www.enterprisedb.com
    The Enterprise PostgreSQL Company
    
    
    
    
  44. Re: post-freeze damage control

    Alexander Korotkov <aekorotkov@gmail.com> — 2024-04-12T14:54:29Z

    On Wed, Apr 10, 2024 at 5:27 PM Robert Haas <robertmhaas@gmail.com> wrote:
    >
    > On Mon, Apr 8, 2024 at 10:12 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
    > > I have another one that I'm not terribly happy about:
    > >
    > >     Author: Alexander Korotkov <akorotkov@postgresql.org>
    > >     Branch: master [72bd38cc9] 2024-04-08 01:27:52 +0300
    > >
    > >         Transform OR clauses to ANY expression
    >
    > I realize that this has been reverted now, but what's really
    > frustrating about this case is that I reviewed this patch before and
    > gave feedback similar to some of the feedback you gave, and it just
    > didn't matter, and the patch was committed anyway.
    >
    > > I don't know that I'd call it scary exactly, but I do think it
    > > was premature.  A week ago there was no consensus that it was
    > > ready to commit, but Alexander pushed it (or half of it, anyway)
    > > despite that.  A few concrete concerns:
    > >
    > > * Yet another planner GUC.  Do we really need or want that?
    >
    > IMHO, no, and I said so in
    > https://www.postgresql.org/message-id/CA%2BTgmob%3DebuCHFSw327b55DJzE3JtOuZ5owxob%2BMgErb4me_Ag%40mail.gmail.com
    >
    > > * What the medical community would call off-label usage of
    > > query jumbling.  I'm not sure this is even correct as-used,
    > > and for sure it's using that code for something never intended.
    > > Nor is the added code adequately (as in, at all) documented.
    >
    > And I raised this point here:
    > https://www.postgresql.org/message-id/CA%2BTgmoZCgP6FrBQEusn4yaWm02XU8OPeoEMk91q7PRBgwaAkFw%40mail.gmail.com
    >
    > > * Patch refuses to group anything but Consts into the SAOP
    > > transformation.  I realize that if you want to produce an
    > > array Const you need Const inputs, but I wonder why it
    > > wasn't considered to produce an ARRAY[] construct if there
    > > are available clauses with pseudo-constant (eg Param)
    > > comparison values.
    > >
    > > * I really, really dislike jamming this logic into prepqual.c,
    > > where it has no business being.  I note that it was shoved
    > > into process_duplicate_ors without even the courtesy of
    > > expanding the header comment:
    > >
    > >  * process_duplicate_ors
    > >  *        Given a list of exprs which are ORed together, try to apply
    > >  *        the inverse OR distributive law.
    > >
    > > Another reason to think this wasn't a very well chosen place is
    > > that the file's list of #include's went from 4 entries to 11.
    > > Somebody should have twigged to the idea that this was off-topic
    > > for prepqual.c.
    >
    > All of this seems like it might be related to my comments in the above
    > email about the transformation being done too early.
    >
    > > * OrClauseGroupKey is not a Node type, so why does it have
    > > a NodeTag?  I wonder what value will appear in that field,
    > > and what will happen if the struct is passed to any code
    > > that expects real Nodes.
    >
    > I don't think I raised this issue.
    >
    > > I could probably find some other nits if I spent more time
    > > on it, but I think these are sufficient to show that this
    > > was not commit-ready.
    >
    > Just imagine if someone had taken time to give similar feedback before
    > the commit.
    
    FWIW, I made my conclusion that it isn't worth to commit stuff like
    this without explicit consent from Tom.  As well as it isn't worth to
    commit table AM changes without explicit consent from Andres.  And it
    isn't worth it to postpone large features to the last CF (it's better
    to postpone to the next release then).
    
    ------
    Regards,
    Alexander Korotkov
    
    
    
    
  45. Re: post-freeze damage control

    David Steele <david@pgmasters.net> — 2024-04-12T23:03:28Z

    On 4/12/24 22:12, Tomas Vondra wrote:
    > On 4/11/24 23:48, David Steele wrote:
    >> On 4/11/24 20:26, Tomas Vondra wrote:
     >>
    >>> FWIW that discussion also mentions stuff that I think the feature should
    >>> not do. In particular, I don't think the ambition was (or should be) to
    >>> make pg_basebackup into a stand-alone tool. I always saw pg_basebackup
    >>> more as an interface to "backup steps" correctly rather than a complete
    >>> backup solution that'd manage backup registry, retention, etc.
    >>
    >> Right -- this is exactly my issue. pg_basebackup was never easy to use
    >> as a backup solution and this feature makes it significantly more
    >> complicated. Complicated enough that it would be extremely difficult for
    >> most users to utilize in a meaningful way.
    > 
    > Perhaps, I agree we could/should try to do better job to do backups, no
    > argument there. But I still don't quite see why introducing such
    > infrastructure to "manage backups" should be up to the patch adding
    > incremental backups. I see it as something to build on top of
    > pg_basebackup/pg_combinebackup, not into those tools.
    
    I'm not saying that managing backups needs to be part of pg_basebackup, 
    but I am saying without that it is not a complete backup solution. 
    Therefore introducing advanced features that the user then has to figure 
    out how to manage puts a large burden on them. Implementing 
    pg_combinebackup inefficiently out of the gate just makes their life harder.
    
    >> But they'll try because it is a new pg_basebackup feature and they'll
    >> assume it is there to be used. Maybe it would be a good idea to make it
    >> clear in the documentation that significant tooling will be required to
    >> make it work.
    > 
    > Sure, I'm not against making it clearer pg_combinebackup is not a
    > complete backup solution, and documenting the existing restrictions.
    
    Let's do that then. I think it would make sense to add caveats to the 
    pg_combinebackup docs including space requirements, being explicit about 
    the format required (e.g. plain), and also possible mitigation with COW 
    filesystems.
    
    Regards,
    -David
    
    
    
    
  46. Re: post-freeze damage control

    David Steele <david@pgmasters.net> — 2024-04-12T23:23:25Z

    On 4/12/24 22:27, Tomas Vondra wrote:
    > 
    > 
    > On 4/12/24 08:42, David Steele wrote:
    >> On 4/11/24 20:26, Tomas Vondra wrote:
    >>> On 4/11/24 03:52, David Steele wrote:
    >>>> On 4/11/24 10:23, Tom Kincaid wrote:
    >>>>>
    >>>>> The extensive Beta process we have can be used to build confidence we
    >>>>> need in a feature that has extensive review and currently has no known
    >>>>> issues or outstanding objections.
    >>>>
    >>>> I did have objections, here [1] and here [2]. I think the complexity,
    >>>> space requirements, and likely performance issues involved in restores
    >>>> are going to be a real problem for users. Some of these can be addressed
    >>>> in future releases, but I can't escape the feeling that what we are
    >>>> releasing here is half-baked.
    >>>>
    >>> I do not think it's half-baked. I certainly agree there are limitations,
    >>> and there's all kinds of bells and whistles we could add, but I think
    >>> the fundamental infrastructure is corrent and a meaningful step forward.
    >>> Would I wish it to handle .tar for example? Sure I would. But I think
    >>> it's something we can add in the future - if we require all of this to
    >>> happen in a single release, it'll never happen.
    >>
    >> I'm not sure that I really buy this argument, anyway. It is not uncommon
    >> for significant features to spend years in development before they are
    >> committed. This feature went from first introduction to commit in just
    >> over six months. Obviously Robert had been working on it for a while,
    >> but for a feature this large six months is a sprint.
    >>
    > 
    > Sure, but it's also not uncommon for significant features to be
    > developed incrementally, over multiple releases, introducing the basic
    > infrastructure first, and then expanding the capabilities later. I'd
    > cite logical decoding/replication and parallel query as examples of this
    > approach.
    > 
    > It's possible there's some fundamental flaw in the WAL summarization?
    > Sure, I can't rule that out, although I find it unlikely. Could there be
    > bugs? Sure, that's possible, but that applies to all code.
    > 
    > But it seems to me all the comments are about the client side, not about
    > the infrastructure. Which is fair, I certainly agree it'd be nice to
    > handle more use cases with less effort, but I still think the patch is a
    > meaningful step forward.
    
    Yes, my comments are all about the client code. I like the 
    implementation of the WAL summarizer a lot. I don't think there is a 
    fundamental flaw in the design, either, but I wouldn't be surprised if 
    there are bugs. That's life in software development biz.
    
    Even for the summarizer, though, I do worry about the complexity of 
    maintaining it over time. It seems like it would be very easy to 
    introduce a bug and have it go unnoticed until it causes problems in the 
    field. A lot of testing was done outside of the test suite for this 
    feature and I'm not sure if we can rely on that focus with every release.
    
    For me an incremental approach would be to introduce the WAL summarizer 
    first. There are already plenty of projects that do page-level 
    incremental (WAL-G, pg_probackup, pgBackRest) and could help shake out 
    the bugs. Then introduce the client tools later when they are more 
    robust. Or, release the client tools now but mark them as experimental 
    or something so people know that changes are coming and they don't get 
    blindsided by that in the next release. Or, at the very least, make the 
    caveats very clear so users can make an informed choice.
    
    Regards,
    -David
    
    
    
    
  47. Re: post-freeze damage control

    Tomas Vondra <tomas.vondra@enterprisedb.com> — 2024-04-13T10:18:08Z

    
    On 4/13/24 01:03, David Steele wrote:
    > On 4/12/24 22:12, Tomas Vondra wrote:
    >> On 4/11/24 23:48, David Steele wrote:
    >>> On 4/11/24 20:26, Tomas Vondra wrote:
    >>>
    >>>> FWIW that discussion also mentions stuff that I think the feature
    >>>> should
    >>>> not do. In particular, I don't think the ambition was (or should be) to
    >>>> make pg_basebackup into a stand-alone tool. I always saw pg_basebackup
    >>>> more as an interface to "backup steps" correctly rather than a complete
    >>>> backup solution that'd manage backup registry, retention, etc.
    >>>
    >>> Right -- this is exactly my issue. pg_basebackup was never easy to use
    >>> as a backup solution and this feature makes it significantly more
    >>> complicated. Complicated enough that it would be extremely difficult for
    >>> most users to utilize in a meaningful way.
    >>
    >> Perhaps, I agree we could/should try to do better job to do backups, no
    >> argument there. But I still don't quite see why introducing such
    >> infrastructure to "manage backups" should be up to the patch adding
    >> incremental backups. I see it as something to build on top of
    >> pg_basebackup/pg_combinebackup, not into those tools.
    > 
    > I'm not saying that managing backups needs to be part of pg_basebackup,
    > but I am saying without that it is not a complete backup solution.
    > Therefore introducing advanced features that the user then has to figure
    > out how to manage puts a large burden on them. Implementing
    > pg_combinebackup inefficiently out of the gate just makes their life
    > harder.
    > 
    
    I agree with this in general, but I fail to see how it'd be the fault of
    this patch. It merely extends what pg_basebackup did before, so if it's
    not a complete solution now, it wasn't a complete solution before.
    
    Sure, I 100% agree it'd be great to have a more efficient
    pg_combinebackup with fewer restrictions. But if we make these
    limitations clear, I think it's better to have this than having nothing.
    
    >>> But they'll try because it is a new pg_basebackup feature and they'll
    >>> assume it is there to be used. Maybe it would be a good idea to make it
    >>> clear in the documentation that significant tooling will be required to
    >>> make it work.
    >>
    >> Sure, I'm not against making it clearer pg_combinebackup is not a
    >> complete backup solution, and documenting the existing restrictions.
    > 
    > Let's do that then. I think it would make sense to add caveats to the
    > pg_combinebackup docs including space requirements, being explicit about
    > the format required (e.g. plain), and also possible mitigation with COW
    > filesystems.
    > 
    
    OK. I'll add this as an open item, for me and Robert.
    
    
    regards
    
    -- 
    Tomas Vondra
    EnterpriseDB: http://www.enterprisedb.com
    The Enterprise PostgreSQL Company
    
    
    
    
  48. Re: post-freeze damage control

    Tomas Vondra <tomas.vondra@enterprisedb.com> — 2024-04-13T11:02:03Z

    
    On 4/13/24 01:23, David Steele wrote:
    > On 4/12/24 22:27, Tomas Vondra wrote:
    >>
    >>
    >> On 4/12/24 08:42, David Steele wrote:
    >>> On 4/11/24 20:26, Tomas Vondra wrote:
    >>>> On 4/11/24 03:52, David Steele wrote:
    >>>>> On 4/11/24 10:23, Tom Kincaid wrote:
    >>>>>>
    >>>>>> The extensive Beta process we have can be used to build confidence we
    >>>>>> need in a feature that has extensive review and currently has no
    >>>>>> known
    >>>>>> issues or outstanding objections.
    >>>>>
    >>>>> I did have objections, here [1] and here [2]. I think the complexity,
    >>>>> space requirements, and likely performance issues involved in restores
    >>>>> are going to be a real problem for users. Some of these can be
    >>>>> addressed
    >>>>> in future releases, but I can't escape the feeling that what we are
    >>>>> releasing here is half-baked.
    >>>>>
    >>>> I do not think it's half-baked. I certainly agree there are
    >>>> limitations,
    >>>> and there's all kinds of bells and whistles we could add, but I think
    >>>> the fundamental infrastructure is corrent and a meaningful step
    >>>> forward.
    >>>> Would I wish it to handle .tar for example? Sure I would. But I think
    >>>> it's something we can add in the future - if we require all of this to
    >>>> happen in a single release, it'll never happen.
    >>>
    >>> I'm not sure that I really buy this argument, anyway. It is not uncommon
    >>> for significant features to spend years in development before they are
    >>> committed. This feature went from first introduction to commit in just
    >>> over six months. Obviously Robert had been working on it for a while,
    >>> but for a feature this large six months is a sprint.
    >>>
    >>
    >> Sure, but it's also not uncommon for significant features to be
    >> developed incrementally, over multiple releases, introducing the basic
    >> infrastructure first, and then expanding the capabilities later. I'd
    >> cite logical decoding/replication and parallel query as examples of this
    >> approach.
    >>
    >> It's possible there's some fundamental flaw in the WAL summarization?
    >> Sure, I can't rule that out, although I find it unlikely. Could there be
    >> bugs? Sure, that's possible, but that applies to all code.
    >>
    >> But it seems to me all the comments are about the client side, not about
    >> the infrastructure. Which is fair, I certainly agree it'd be nice to
    >> handle more use cases with less effort, but I still think the patch is a
    >> meaningful step forward.
    > 
    > Yes, my comments are all about the client code. I like the
    > implementation of the WAL summarizer a lot. I don't think there is a
    > fundamental flaw in the design, either, but I wouldn't be surprised if
    > there are bugs. That's life in software development biz.
    > 
    
    Agreed.
    
    > Even for the summarizer, though, I do worry about the complexity of
    > maintaining it over time. It seems like it would be very easy to
    > introduce a bug and have it go unnoticed until it causes problems in the
    > field. A lot of testing was done outside of the test suite for this
    > feature and I'm not sure if we can rely on that focus with every release.
    > 
    
    I'm not sure there's a simpler way to implement this. I haven't really
    worked on that part (not until the CoW changes a couple weeks ago), but
    I think Robert was very conscious of the complexity.
    
    I don't think expect this code to change very often, but I agree it's
    not great to rely on testing outside the regular regression test suite.
    But I'm not sure how much more we can do, really - for example my
    testing was very much "randomized stress testing" with a lot of data and
    long runs, looking for unexpected stuff. That's not something we could
    do in the usual regression tests, I think.
    
    But if you have suggestions how to extend the testing ...
    
    > For me an incremental approach would be to introduce the WAL summarizer
    > first. There are already plenty of projects that do page-level
    > incremental (WAL-G, pg_probackup, pgBackRest) and could help shake out
    > the bugs. Then introduce the client tools later when they are more
    > robust. Or, release the client tools now but mark them as experimental
    > or something so people know that changes are coming and they don't get
    > blindsided by that in the next release. Or, at the very least, make the
    > caveats very clear so users can make an informed choice.
    > 
    
    I don't think introducing just the summarizer, without any client tools,
    would really work. How would we even test the summarizer, for example?
    If the only users of that code are external tools, we'd do only some
    very rudimentary tests. But the more complex tests would happen in the
    external tools, which means it wouldn't be covered by cfbot, buildfarm
    and so on. Considering the external tools are likely a bit behind, It's
    not clear to me how I would do the stress testing, for example.
    
    IMHO we should aim to have in-tree clients when possible, even if some
    external tools can do more advanced stuff etc.
    
    This however reminds me my question is the summarizer provides the right
    interface(s) for the external tools. One option is to do pg_basebackup
    and then parse the incremental files, but is that suitable for the
    external tools, or should there be a more convenient way?
    
    
    regards
    
    -- 
    Tomas Vondra
    EnterpriseDB: http://www.enterprisedb.com
    The Enterprise PostgreSQL Company
    
    
    
    
  49. Re: post-freeze damage control

    David Steele <david@pgmasters.net> — 2024-04-15T03:17:51Z

    On 4/13/24 21:02, Tomas Vondra wrote:
    > On 4/13/24 01:23, David Steele wrote:
    > 
    >> Even for the summarizer, though, I do worry about the complexity of
    >> maintaining it over time. It seems like it would be very easy to
    >> introduce a bug and have it go unnoticed until it causes problems in the
    >> field. A lot of testing was done outside of the test suite for this
    >> feature and I'm not sure if we can rely on that focus with every release.
    >>
    > 
    > I'm not sure there's a simpler way to implement this. I haven't really
    > worked on that part (not until the CoW changes a couple weeks ago), but
    > I think Robert was very conscious of the complexity.
    > 
    > I don't think expect this code to change very often, but I agree it's
    > not great to rely on testing outside the regular regression test suite.
    > But I'm not sure how much more we can do, really - for example my
    > testing was very much "randomized stress testing" with a lot of data and
    > long runs, looking for unexpected stuff. That's not something we could
    > do in the usual regression tests, I think.
    > 
    > But if you have suggestions how to extend the testing ...
    
    Doing stress testing in the regular test suite is obviously a problem 
    due to runtime, but it would still be great to see tests for issues that 
    were found during external stress testing.
    
    For example, the issue you and Jakub found was fixed in 55a5ee30 but 
    there is no accompanying test and no existing test was broken by the change.
    
    >> For me an incremental approach would be to introduce the WAL summarizer
    >> first. There are already plenty of projects that do page-level
    >> incremental (WAL-G, pg_probackup, pgBackRest) and could help shake out
    >> the bugs. Then introduce the client tools later when they are more
    >> robust. Or, release the client tools now but mark them as experimental
    >> or something so people know that changes are coming and they don't get
    >> blindsided by that in the next release. Or, at the very least, make the
    >> caveats very clear so users can make an informed choice.
    >>
    > 
    > I don't think introducing just the summarizer, without any client tools,
    > would really work. How would we even test the summarizer, for example?
    > If the only users of that code are external tools, we'd do only some
    > very rudimentary tests. But the more complex tests would happen in the
    > external tools, which means it wouldn't be covered by cfbot, buildfarm
    > and so on. Considering the external tools are likely a bit behind, It's
    > not clear to me how I would do the stress testing, for example.
    > 
    > IMHO we should aim to have in-tree clients when possible, even if some
    > external tools can do more advanced stuff etc.
    > 
    > This however reminds me my question is the summarizer provides the right
    > interface(s) for the external tools. One option is to do pg_basebackup
    > and then parse the incremental files, but is that suitable for the
    > external tools, or should there be a more convenient way?
    
    Running a pg_basebackup to get the incremental changes would not be at 
    all satisfactory. Luckily there are the 
    pg_wal_summary_contents()/pg_available_wal_summaries() functions, which 
    seem to provide the required information. I have not played with them 
    much but I think they will do the trick.
    
    They are pretty awkward to work with since they are essentially 
    time-series data but what you'd really want, I think, is the ability to 
    get page changes for a particular relfileid/segment.
    
    Regards,
    -David
    
    
    
    
  50. Re: post-freeze damage control

    Stefan Fercot <stefan.fercot@protonmail.com> — 2024-04-16T08:47:14Z

    Hi,
    
    On Saturday, April 13th, 2024 at 12:18 PM, Tomas Vondra wrote:
    > On 4/13/24 01:03, David Steele wrote:
    > > On 4/12/24 22:12, Tomas Vondra wrote:
    > > > On 4/11/24 23:48, David Steele wrote:
    > > > > On 4/11/24 20:26, Tomas Vondra wrote:
    > > > > 
    > > > > > FWIW that discussion also mentions stuff that I think the feature
    > > > > > should
    > > > > > not do. In particular, I don't think the ambition was (or should be) to
    > > > > > make pg_basebackup into a stand-alone tool. I always saw pg_basebackup
    > > > > > more as an interface to "backup steps" correctly rather than a complete
    > > > > > backup solution that'd manage backup registry, retention, etc.
    > > > > 
    > > > > Right -- this is exactly my issue. pg_basebackup was never easy to use
    > > > > as a backup solution and this feature makes it significantly more
    > > > > complicated. Complicated enough that it would be extremely difficult for
    > > > > most users to utilize in a meaningful way.
    
    pg_basebackup has its own use-cases IMHO. It is very handy to simply take a copy of the running cluster, thanks to its ability to carry on the needed WAL segs without the user even needing to think about archive_command/pg_receivewal. And for this kind of tasks, the new incremental thing will not really be interesting and won't make things more complicated.
    
    I totally agree that we don't have any complete backup solution in core though. And adding more tools to the picture (pg_basebackup, pg_combinebackup, pg_receivewal, pg_verifybackup,...) will increase the need of on-top orchestration. But that's not new. And for people already having such orchestration, having the incremental feature will help.
    
    > > > Perhaps, I agree we could/should try to do better job to do backups, no
    > > > argument there. But I still don't quite see why introducing such
    > > > infrastructure to "manage backups" should be up to the patch adding
    > > > incremental backups. I see it as something to build on top of
    > > > pg_basebackup/pg_combinebackup, not into those tools.
    > > 
    > > I'm not saying that managing backups needs to be part of pg_basebackup,
    > > but I am saying without that it is not a complete backup solution.
    > > Therefore introducing advanced features that the user then has to figure
    > > out how to manage puts a large burden on them. Implementing
    > > pg_combinebackup inefficiently out of the gate just makes their life
    > > harder.
    > 
    > I agree with this in general, but I fail to see how it'd be the fault of
    > this patch. It merely extends what pg_basebackup did before, so if it's
    > not a complete solution now, it wasn't a complete solution before.
    
    +1. We can see it as a step to having a better backup solution in core for the future, but we definitely shouldn't rule out the fact that lots of people already developed such orchestration (home-made or relying to pgbarman, pgbackrest, wal-g,...). IMHO, if we're trying to extend the in core features, we should also aim at giving more lights and features for those tools (like adding more fields to the backup functions,...).
    
    > > > Sure, I'm not against making it clearer pg_combinebackup is not a
    > > > complete backup solution, and documenting the existing restrictions.
    > > 
    > > Let's do that then. I think it would make sense to add caveats to the
    > > pg_combinebackup docs including space requirements, being explicit about
    > > the format required (e.g. plain), and also possible mitigation with COW
    > > filesystems.
    > 
    > OK. I'll add this as an open item, for me and Robert.
    
    Thanks for this! It's probably not up to core docs to state all the steps that would be needed to develop a complete backup solution but documenting the links between the tools and mostly all the caveats (the "don't use INCREMENTAL.* filenames",...) will help users not be caught off guard. And as I mentioned in [1], IMO the earlier we can catch a potential issue (wrong filename, missing file,...), the better for the user.
    
    Thank you all for working on this.
    Kind Regards,
    --
    Stefan FERCOT
    Data Egret (https://dataegret.com)
    
    [1] https://www.postgresql.org/message-id/vJnnuiaye5rNnCPN8h3xN1Y3lyUDESIgEQnR-Urat9_ld_fozShSJbEk8JDM_3K6BVt5HXT-CatWpSfEZkYVeymlrxKO2_kfKmVZNWyCuJc%3D%40protonmail.com
    
    
    
    
  51. Re: post-freeze damage control

    Jeff Davis <pgsql@j-davis.com> — 2024-04-16T23:20:25Z

    On Mon, 2024-04-08 at 15:47 -0400, Robert Haas wrote:
    > - I couldn't understand why the "Operate
    > XLogCtl->log{Write,Flush}Result with atomics" code was correct when I
    > read it.
    
    I reviewed ee1cbe806d. It followed a good process of discussion and
    review. It was a bit close to the feature freeze for comfort, but did
    not feel rushed, to me.
    
    Additional eyes are always welcome. There are also some related commits
    in that area like f3ff7bf83b, c9920a9068 and 91f2cae7a4.
    
    > But, a spinlock
    > protecting two variables together guarantees more than atomic access
    > to each of those variables separately.
    
    We maintain the invariant:
    
       XLogCtl->logFlushResult <= XLogCtl->logWriteResult
    
    and the non-shared version:
    
       LogwrtResult.Flush <= LogwrtResult.Write
    
    and that the requests don't fall behind the results:
    
       XLogCtl->LogwrtRqst.Write >= XLogCtl->logWriteResult &&
       XLogCtl->LogwrtRqst.Flush >= XLogCtl->logFlushResult
    
    Are you concerned that:
    
      (a) you aren't convinced that we're maintaining the invariants
    properly? or
      (b) you aren't convinced that the invariant is strong enough, and
    that there are other variables that we aren't considering?
    
    And if you think this is right after all, where could we add some
    clarification?
    
    Regards,
    	Jeff Davis
    
    
    
    
    
  52. Re: post-freeze damage control

    Robert Haas <robertmhaas@gmail.com> — 2024-04-22T19:19:15Z

    On Tue, Apr 16, 2024 at 7:20 PM Jeff Davis <pgsql@j-davis.com> wrote:
    > We maintain the invariant:
    >
    >    XLogCtl->logFlushResult <= XLogCtl->logWriteResult
    >
    > and the non-shared version:
    >
    >    LogwrtResult.Flush <= LogwrtResult.Write
    >
    > and that the requests don't fall behind the results:
    
    I had missed the fact that this commit added a bunch of read and write
    barriers; and I think that's the main reason why I was concerned. The
    existence of those barriers, and the invariants they are intended to
    maintain, makes me feel better about it.
    
    Thanks for writing back about this!
    
    -- 
    Robert Haas
    EDB: http://www.enterprisedb.com
    
    
    
    
  53. Re: post-freeze damage control

    Alena Rybakina <lena.ribackina@yandex.ru> — 2024-06-18T10:05:23Z

    Hi! Unfortunately,Iwas notableto fullyunderstandyourmessage.Couldyou 
    explainit to meplease?
    
    On 09.04.2024 16:20, Andrei Lepikhov wrote:
    >
    > Moreover, it helps even SeqScan: attempting to find a value in the 
    > hashed array is much faster than cycling a long-expression on each 
    > incoming tuple.
    
    AsIunderstandit,youtalkedaboutspeedingupSeqScan 
    byfasterre-searchingthroughthe useof a hashtable. Atthe same time, 
    wehaveto builditbeforethat,whenthere was the initiallookuptuples,right?
    
    Ifoundthisinformationinthe ExecEvalHashedScalarArrayOp 
    function,andIassumeyoumeantthisfunctioninyourmessage.
    
    But I couldn't find information, when you told about cycling a 
    long-expression on each incoming tuple. Could you ask me what function 
    you were talking about or maybe functionality? I saw ExecSeqScan 
    function, but I didn't see it.
    
    -- 
    Regards,
    Alena Rybakina
    Postgres Professional:http://www.postgrespro.com
    The Russian Postgres Company
    
  54. Re: post-freeze damage control

    Alena Rybakina <lena.ribackina@yandex.ru> — 2024-06-18T11:56:34Z

    Sorry, I've just noticed that the letter is shown incorrectly. I rewrote 
    it below.
    
    As I understand it, you talked about speeding up SeqScan by faster 
    re-searching through the use of a hash table. At the same time, we have 
    to build it before that, when there was the initial lookup tuples, right?
    
    I found this information in the ExecEvalHashedScalarArrayOp function, 
    and I assume you meant this function in your message, right?
    
    But I couldn't find information, when you told about cycling a 
    long-expression on each incoming tuple. Could you ask me what function 
    you were talking about or maybe functionality? I saw ExecSeqScan 
    function, but I didn't see it.
    
    On 18.06.2024 13:05, Alena Rybakina wrote:
    >
    > Hi! Unfortunately,Iwas notableto fullyunderstandyourmessage.Couldyou 
    > explainit to meplease?
    >
    > On 09.04.2024 16:20, Andrei Lepikhov wrote:
    >>
    >> Moreover, it helps even SeqScan: attempting to find a value in the 
    >> hashed array is much faster than cycling a long-expression on each 
    >> incoming tuple.
    >
    > AsIunderstandit,youtalkedaboutspeedingupSeqScan 
    > byfasterre-searchingthroughthe useof a hashtable. Atthe same time, 
    > wehaveto builditbeforethat,whenthere was the initiallookuptuples,right?
    >
    > Ifoundthisinformationinthe ExecEvalHashedScalarArrayOp 
    > function,andIassumeyoumeantthisfunctioninyourmessage.
    >
    > But I couldn't find information, when you told about cycling a 
    > long-expression on each incoming tuple. Could you ask me what function 
    > you were talking about or maybe functionality? I saw ExecSeqScan 
    > function, but I didn't see it.
    >
    > -- 
    > Regards,
    > Alena Rybakina
    > Postgres Professional:http://www.postgrespro.com
    > The Russian Postgres Company
    
    -- 
    Regards,
    Alena Rybakina
    Postgres Professional:http://www.postgrespro.com
    The Russian Postgres Company