Thread

  1. Re: Avoid orphaned objects dependencies, take 3

    Robert Haas <robertmhaas@gmail.com> — 2026-05-13T20:20:21Z

    On Tue, Apr 28, 2026 at 7:17 AM Bertrand Drouvot
    <bertranddrouvot.pg@gmail.com> wrote:
    > 0003: Add Assert guard to detect permission check before lock regressions
    >
    > Add instrumentation under USE_ASSERT_CHECKING to detect cases where object_aclcheck()
    > is called on a referenced object before a lock is held on it, which would widen
    > the TOCTOU window between the permission check and the dependency recording.
    
    I really like the idea of having some kind of cross-check system that
    can detect future (or current) coding mistakes. But what I wonder
    about this mechanism is: should we instead be insisting that we take a
    lock and check permissions on every dependency? Is it an error to
    record a dependency on an object without any sort of permissions
    check?
    
    Also, I think the mechanism might not be entirely safe. ProcessUtility
    can result in executing user-defined functions which could
    theoretically run other DDL and then it seems like this code would get
    confused.
    
    -- 
    Robert Haas
    EDB: http://www.enterprisedb.com