Re: Avoid orphaned objects dependencies, take 3

Robert Haas <robertmhaas@gmail.com>

From: Robert Haas <robertmhaas@gmail.com>
To: Bertrand Drouvot <bertranddrouvot.pg@gmail.com>
Cc: Jeff Davis <pgsql@j-davis.com>, Roman Eskin <r.eskin@arenadata.io>, Michael Paquier <michael@paquier.xyz>, Alexander Lakhin <exclusion@gmail.com>, pgsql-hackers@lists.postgresql.org, Tom Lane <tgl@sss.pgh.pa.us>
Date: 2026-05-13T20:20:21Z
Lists: pgsql-hackers
On Tue, Apr 28, 2026 at 7:17 AM Bertrand Drouvot
<bertranddrouvot.pg@gmail.com> wrote:
> 0003: Add Assert guard to detect permission check before lock regressions
>
> Add instrumentation under USE_ASSERT_CHECKING to detect cases where object_aclcheck()
> is called on a referenced object before a lock is held on it, which would widen
> the TOCTOU window between the permission check and the dependency recording.

I really like the idea of having some kind of cross-check system that
can detect future (or current) coding mistakes. But what I wonder
about this mechanism is: should we instead be insisting that we take a
lock and check permissions on every dependency? Is it an error to
record a dependency on an object without any sort of permissions
check?

Also, I think the mechanism might not be entirely safe. ProcessUtility
can result in executing user-defined functions which could
theoretically run other DDL and then it seems like this code would get
confused.

-- 
Robert Haas
EDB: http://www.enterprisedb.com