Re: Avoid orphaned objects dependencies, take 3
From: Robert Haas <robertmhaas@gmail.com>
To: Bertrand Drouvot <bertranddrouvot.pg@gmail.com>
Cc: Jeff Davis <pgsql@j-davis.com>, Roman Eskin <r.eskin@arenadata.io>, Michael Paquier <michael@paquier.xyz>,
Alexander Lakhin <exclusion@gmail.com>, pgsql-hackers@lists.postgresql.org, Tom Lane <tgl@sss.pgh.pa.us>
Date: 2026-05-13T20:20:21Z
Lists: pgsql-hackers
On Tue, Apr 28, 2026 at 7:17 AM Bertrand Drouvot <bertranddrouvot.pg@gmail.com> wrote:
> 0003: Add Assert guard to detect permission check before lock regressions
>
> Add instrumentation under USE_ASSERT_CHECKING to detect cases where object_aclcheck()
> is called on a referenced object before a lock is held on it, which would widen
> the TOCTOU window between the permission check and the dependency recording.

I really like the idea of having some kind of cross-check system that can detect future (or current) coding mistakes. But what I wonder about this mechanism is: should we instead be insisting that we take a lock and check permissions on every dependency? Is it an error to record a dependency on an object without any sort of permissions check?

Also, I think the mechanism might not be entirely safe. ProcessUtility can result in executing user-defined functions which could theoretically run other DDL and then it seems like this code would get confused.

-- 
Robert Haas
EDB: http://www.enterprisedb.com
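The window the quoted patch description refers to, as an added illustration that is not part of the thread or of any patch in it: a dependent object is created on a referenced object whose drop is in flight, and the dependency row outlives the object it references. The concrete scenario (a function created in a schema being dropped) and the step ordering are assumptions made for this example; they describe the class of race the thread is about, not a specific reproducer posted on this page. The interleaving only produces the orphan on a server that records the namespace dependency without first locking the namespace; on a server carrying the locking changes this thread discusses, step 2 is expected to block behind S1 or fail once S1 commits.

```sql
-- Two psql sessions, S1 and S2, executed in the order of the step numbers.
-- Constructed example, not from the thread.

-- Setup (either session):
CREATE SCHEMA s;

-- Step 1, S1: begin dropping the schema but do not commit yet.
-- DROP takes AccessExclusiveLock on the schema's pg_namespace object.
BEGIN;
DROP SCHEMA s;

-- Step 2, S2: create a function in that schema.
-- Without a lock on the referenced namespace this does not block: the
-- catalog lookup still sees s (S1 is uncommitted), the CREATE permission
-- check on s passes, and the pg_proc row plus its pg_depend row pointing
-- at s are written and committed. This is the check-then-record window.
CREATE FUNCTION s.f() RETURNS int LANGUAGE sql AS 'SELECT 1';

-- Step 3, S1: finish the drop. s is gone; s.f and its pg_depend entry
-- now reference a namespace OID that no longer exists.
COMMIT;

-- Check, any session: dependency rows whose referenced namespace is missing.
-- Returns one row per orphaned dependent object; empty on a healthy catalog.
SELECT d.classid::regclass AS dependent_catalog,
       d.objid             AS dependent_oid,
       d.refobjid          AS missing_namespace_oid
FROM pg_depend d
WHERE d.refclassid = 'pg_namespace'::regclass
  AND NOT EXISTS (SELECT 1 FROM pg_namespace n WHERE n.oid = d.refobjid);
```

The same shape of check works for any referenced catalog (swap `pg_namespace` for `pg_type`, `pg_proc`, and so on), which is the practical way to audit a catalog for leftovers from this race after the fact; the lock-before-check discipline debated above is what prevents them from being created in the first place.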