Thread
Commits
-
Fix improper uses of canonicalize_qual().
- 925581d89cee 9.3.23 landed
- e556fb137279 9.4.18 landed
- e2ed3c4a3002 10.4 landed
- 976e5844ef53 9.6.9 landed
- 4a4e2442a7f7 11.0 landed
- 106d588055a2 9.5.13 landed
-
Bogus use of canonicalize_qual
Tom Lane <tgl@sss.pgh.pa.us> — 2018-03-09T22:37:49Z
Whilst fooling about with predtest.c, I noticed a rather embarrassing error. Consider the following, rather silly, CHECK constraint: regression=# create table pp (f1 int); CREATE TABLE regression=# create table cc (check (f1 = 1 or f1 = null)) inherits(pp); CREATE TABLE Because "f1 = null" reduces to constant NULL, this check constraint is actually a no-op, because it can never evaluate to FALSE: regression=# insert into cc values(1); INSERT 0 1 regression=# insert into cc values(2); INSERT 0 1 regression=# select * from pp; f1 ---- 1 2 (2 rows) But: regression=# select * from pp where f1 = 2; f1 ---- (0 rows) Huh? The reason is that the planner is deciding that it can exclude cc from the plan: regression=# explain select * from pp where f1 = 2; QUERY PLAN -------------------------------------------------------- Append (cost=0.00..0.01 rows=1 width=4) -> Seq Scan on pp (cost=0.00..0.00 rows=1 width=4) Filter: (f1 = 2) (3 rows) and that ultimately traces to the part of canonicalize_qual() that throws away constant-NULL subexpressions of AND/OR clauses. It's clearly documented in canonicalize_qual() that it should only be applied to actual WHERE clauses, where that's a valid optimization. But there is lots of code that didn't get that memo and is calling it on CHECK constraints, allowing the NULL to be thrown away when it should not be. The particular culprit here, I think, is get_relation_constraints(), but there's a lot of similar code elsewhere. So, what to do? We have a few choices, none ideal: 1. Just remove that optimization from canonicalize_qual(). This would result in some inefficiency in badly-written queries, but it might be acceptable. 2. Run around and remove all the bogus canonicalize_qual() calls. The main demerit here is that this'd mean CHECK constraints also don't get the other effect of canonicalize_qual(), which is: * The following code attempts to apply the inverse OR distributive law: * ((A AND B) OR (A AND C)) => (A AND (B OR C)) * That is, locate OR clauses in which every subclause contains an * identical term, and pull out the duplicated terms. This'd possibly make it harder to match WHERE clauses, which do get that processing, to CHECK clauses which wouldn't. I think that possibly predtest.c is smart enough to make proofs even in the face of that, but I'm not sure. Another concern is whether external code might still contain incorrect canonicalize_qual() calls, or whether we might not accidentally put some back in future. 3. Change canonicalize_qual() to take an additional parameter indicating whether it's working on a true qual or not. This might be the best fix for HEAD, but it doesn't seem very back-patchable. 4. Split canonicalize_qual() into two functions, one for the inverse OR business and one for NULL removal. This would result in an additional tree traversal (and reconstruction) for every WHERE clause, slowing planning somewhat. 5. Remove NULL-simplification from canonicalize_qual(), but put it back somewhere later in the planner where we're traversing qual trees anyway. I think that it might work to charge the RestrictInfo-building code with this, though I'm not sure about it. It seems kind of high risk for a back-patchable change in any case. Thoughts? regards, tom lane -
Re: Bogus use of canonicalize_qual
Tom Lane <tgl@sss.pgh.pa.us> — 2018-03-10T20:21:06Z
I wrote: > Whilst fooling about with predtest.c, I noticed a rather embarrassing > error. Consider the following, rather silly, CHECK constraint: > ... > So, what to do? We have a few choices, none ideal: I'd been assuming that we need to back-patch a fix for this, but after further reflection, I'm not so sure. The bug is only triggered by fairly silly CHECK constraints, and given that it's been there a long time (at least since 9.2 according to my tests) without any field reports, it seems likely that nobody is writing such silly CHECK constraints. If we suppose that we only need to fix it in HEAD, the most attractive answer is to add a parameter distinguishing WHERE and CHECK arguments to canonicalize_qual. That allows symmetrical simplification of constant- NULL subexpressions in the two cases, and the fact that the caller now has to make an explicit choice of WHERE vs CHECK semantics might help discourage people from applying the function in cases where it's not clear which one applies. PFA a patch that does it like that. I'm a little unhappy with what I learned about the PARTITION code while doing this :-(. It's pretty schizophrenic about whether partition constraints are implicit-AND or explicit-AND format, and I do not think that the construction of default-partition constraints is done in a desirable fashion either. But I mostly resisted the temptation to touch that logic in this patch. Comments, objections? regards, tom lane
-
Re: Bogus use of canonicalize_qual
Dean Rasheed <dean.a.rasheed@gmail.com> — 2018-03-11T09:09:22Z
On 10 March 2018 at 20:21, Tom Lane <tgl@sss.pgh.pa.us> wrote: > I wrote: >> Whilst fooling about with predtest.c, I noticed a rather embarrassing >> error. Consider the following, rather silly, CHECK constraint: >> ... >> So, what to do? We have a few choices, none ideal: > > I'd been assuming that we need to back-patch a fix for this, but after > further reflection, I'm not so sure. The bug is only triggered by fairly > silly CHECK constraints, and given that it's been there a long time (at > least since 9.2 according to my tests) without any field reports, it seems > likely that nobody is writing such silly CHECK constraints. > > If we suppose that we only need to fix it in HEAD, the most attractive > answer is to add a parameter distinguishing WHERE and CHECK arguments > to canonicalize_qual. That allows symmetrical simplification of constant- > NULL subexpressions in the two cases, and the fact that the caller now > has to make an explicit choice of WHERE vs CHECK semantics might help > discourage people from applying the function in cases where it's not > clear which one applies. PFA a patch that does it like that. > I agree that this looks like the best choice, but it feels a little unsatisfactory to not back-patch a fix for such a glaring bug. You could perhaps leave the signature of canonicalize_qual() the same, but add a new canonicalize_check() function, and make both thin wrappers on top of a local function accepting the is_check parameter. Regards, Dean
-
Re: Bogus use of canonicalize_qual
Tom Lane <tgl@sss.pgh.pa.us> — 2018-03-11T17:23:55Z
Dean Rasheed <dean.a.rasheed@gmail.com> writes: > On 10 March 2018 at 20:21, Tom Lane <tgl@sss.pgh.pa.us> wrote: >> If we suppose that we only need to fix it in HEAD, the most attractive >> answer is to add a parameter distinguishing WHERE and CHECK arguments >> to canonicalize_qual. > I agree that this looks like the best choice, but it feels a little > unsatisfactory to not back-patch a fix for such a glaring bug. You > could perhaps leave the signature of canonicalize_qual() the same, but > add a new canonicalize_check() function, and make both thin wrappers > on top of a local function accepting the is_check parameter. Hm. I'd be inclined to create canonicalize_qual_extended(qual, is_check) and then make canonicalize_qual() call that with is_check = false. But either way would avoid breaking API compatibility for the back branches. I guess the next question is whether we should do it the same way in HEAD, avoiding a cross-branch difference. But I don't like that, because part of the point here IMO is to force any external callers of canonicalize_qual() to reconsider what they're doing. regards, tom lane