rdelaage
/
postgresql
mirror of https://git.postgresql.org/git/postgresql.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
postgresql/doc/src/sgml/ref/create_function.sgml

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

944 lines
37 KiB
Plaintext
Raw Normal View History

Complete merge of all old man page information. ecpg reference page still needs formatting.
1999-07-22 17:09:15 +02:00
<!--
Remove cvs keywords from all files.
2010-09-20 22:08:53 +02:00
doc/src/sgml/ref/create_function.sgml
doc: make ref/*.sgml file header comment layout consistent
2020-05-15 14:52:24 +02:00
PostgreSQL documentation
Complete merge of all old man page information. ecpg reference page still needs formatting.
1999-07-22 17:09:15 +02:00
-->
Convert SGML IDs to lower case IDs in SGML are case insensitive, and we have accumulated a mix of upper and lower case IDs, including different variants of the same ID. In XML, these will be case sensitive, so we need to fix up those differences. Going to all lower case seems most straightforward, and the current build process already makes all anchors and lower case anyway during the SGML->XML conversion, so this doesn't create any difference in the output right now. A future XML-only build process would, however, maintain any mixed case ID spellings in the output, so that is another reason to clean this up beforehand. Author: Alexander Lakhin <exclusion@gmail.com>
2017-10-20 03:16:39 +02:00
<refentry id="sql-createfunction">
doc: Improve DocBook XML validity DocBook XML is superficially compatible with DocBook SGML but has a slightly stricter DTD that we have been violating in a few cases. Although XSLT doesn't care whether the document is valid, the style sheets don't necessarily process invalid documents correctly, so we need to work toward fixing this. This first commit moves the indexterms in refentry elements to an allowed position. It has no impact on the output.
2014-02-24 03:25:35 +01:00
<indexterm zone="sql-createfunction">
<primary>CREATE FUNCTION</primary>
</indexterm>
Minor updates for release. Split reference pages for CREATE TABLE AS and SELECT INTO to allow psgml (the emacs parser) to handle parsing.
1999-06-14 09:37:05 +02:00
<refmeta>
Remove unnecessary xref endterm attributes and title ids The endterm attribute is mainly useful when the toolchain does not support automatic link target text generation for a particular situation. In the past, this was required by the man page tools for all reference page links, but that is no longer the case, and it now actually gets in the way of proper automatic link text generation. The only remaining use cases are currently xrefs to refsects.
2010-04-03 09:23:02 +02:00
<refentrytitle>CREATE FUNCTION</refentrytitle>
Set SQL man pages to be section 7 by default, and only transform them to another section if required by the platform (instead of the old way of building them in section "l" and always transforming them to the platform-specific section). This speeds up the installation on common platforms, and it avoids some funny business with the man page tools and build process.
2008-11-14 11:22:48 +01:00
<manvolnum>7</manvolnum>
Minor updates for release. Split reference pages for CREATE TABLE AS and SELECT INTO to allow psgml (the emacs parser) to handle parsing.
1999-06-14 09:37:05 +02:00
<refmiscinfo>SQL - Language Statements</refmiscinfo>
</refmeta>
Allow special '$libdir' macro to show up in object file path in CREATE FUNCTION command. Guard against trying to load a directory. Update documentation some.
2001-05-19 11:01:10 +02:00
Minor updates for release. Split reference pages for CREATE TABLE AS and SELECT INTO to allow psgml (the emacs parser) to handle parsing.
1999-06-14 09:37:05 +02:00
<refnamediv>
Allow special '$libdir' macro to show up in object file path in CREATE FUNCTION command. Guard against trying to load a directory. Update documentation some.
2001-05-19 11:01:10 +02:00
<refname>CREATE FUNCTION</refname>
Put some kind of grammatical uniformity in the <refpurpose> lines.
2001-09-03 14:57:50 +02:00
<refpurpose>define a new function</refpurpose>
Clean up to ensure tag completion as required by the newest versions of Norm's Modular Style Sheets and jade/docbook. From Vince Vielhaber <vev@michvhf.com>.
1998-12-29 03:24:47 +01:00
</refnamediv>
Allow special '$libdir' macro to show up in object file path in CREATE FUNCTION command. Guard against trying to load a directory. Update documentation some.
2001-05-19 11:01:10 +02:00
Minor updates for release. Split reference pages for CREATE TABLE AS and SELECT INTO to allow psgml (the emacs parser) to handle parsing.
1999-06-14 09:37:05 +02:00
<refsynopsisdiv>
Allow special '$libdir' macro to show up in object file path in CREATE FUNCTION command. Guard against trying to load a directory. Update documentation some.
2001-05-19 11:01:10 +02:00
<synopsis>
First phase of OUT-parameters project. We can now define and use SQL functions with OUT parameters. The various PLs still need work, as does pg_dump. Rudimentary docs and regression tests included.
2005-04-01 00:46:33 +02:00
CREATE [ OR REPLACE ] FUNCTION
Make the placeholder naming in the synopses of the SQL help more consistent
2009-09-19 12:23:27 +02:00
<replaceable class="parameter">name</replaceable> ( [ [ <replaceable class="parameter">argmode</replaceable> ] [ <replaceable class="parameter">argname</replaceable> ] <replaceable class="parameter">argtype</replaceable> [ { DEFAULT | = } <replaceable class="parameter">default_expr</replaceable> ] [, ...] ] )
Implement SQL-spec RETURNS TABLE syntax for functions. (Unlike the original submission, this patch treats TABLE output parameters as being entirely equivalent to OUT parameters -- tgl) Pavel Stehule
2008-07-18 05:32:53 +02:00
[ RETURNS <replaceable class="parameter">rettype</replaceable>
Make the placeholder naming in the synopses of the SQL help more consistent
2009-09-19 12:23:27 +02:00
| RETURNS TABLE ( <replaceable class="parameter">column_name</replaceable> <replaceable class="parameter">column_type</replaceable> [, ...] ) ]
{ LANGUAGE <replaceable class="parameter">lang_name</replaceable>
Add transforms feature This provides a mechanism for specifying conversions between SQL data types and procedural languages. As examples, there are transforms for hstore and ltree for PL/Perl and PL/Python. reviews by Pavel Stěhule and Andres Freund
2015-04-26 16:33:14 +02:00
| TRANSFORM { FOR TYPE <replaceable class="parameter">type_name</replaceable> } [, ... ]
Add a WINDOW attribute to CREATE FUNCTION, and teach pg_dump about it, so that user-defined window functions are possible. For the moment you'll have to write them in C, for lack of any interface to the WindowObject API in the available PLs, but it's better than no support at all. There was some debate about the best syntax for this. I ended up choosing the "it's an attribute" position --- the other approach will inevitably be more work, and the likely market for user-defined window functions is probably too small to justify it.
2008-12-31 03:25:06 +01:00
| WINDOW
Doc: fix confusion about LEAKPROOF in syntax summaries. The syntax summaries for CREATE FUNCTION and allied commands made it look like LEAKPROOF is an alternative to IMMUTABLE/STABLE/VOLATILE, when of course it is an orthogonal option. Improve that. Per gripe from aazamrafeeque0. Thanks to David Johnston for suggestions. Discussion: https://postgr.es/m/162444349581.694.5818572718530259025@wrigleys.postgresql.org
2021-06-23 20:27:13 +02:00
| { IMMUTABLE | STABLE | VOLATILE }
| [ NOT ] LEAKPROOF
| { CALLED ON NULL INPUT | RETURNS NULL ON NULL INPUT | STRICT }
| { [ EXTERNAL ] SECURITY INVOKER | [ EXTERNAL ] SECURITY DEFINER }
Determine whether it's safe to attempt a parallel plan for a query. Commit 924bcf4f16d54c55310b28f77686608684734f42 introduced a framework for parallel computation in PostgreSQL that makes most but not all built-in functions safe to execute in parallel mode. In order to have parallel query, we'll need to be able to determine whether that query contains functions (either built-in or user-defined) that cannot be safely executed in parallel mode. This requires those functions to be labeled, so this patch introduces an infrastructure for that. Some functions currently labeled as safe may need to be revised depending on how pending issues related to heavyweight locking under paralllelism are resolved. Parallel plans can't be used except for the case where the query will run to completion. If portal execution were suspended, the parallel mode restrictions would need to remain in effect during that time, but that might make other queries fail. Therefore, this patch introduces a framework that enables consideration of parallel plans only when it is known that the plan will be run to completion. This probably needs some refinement; for example, at bind time, we do not know whether a query run via the extended protocol will be execution to completion or run with a limited fetch count. Having the client indicate its intentions at bind time would constitute a wire protocol break. Some contexts in which parallel mode would be safe are not adjusted by this patch; the default is not to try parallel plans except from call sites that have been updated to say that such plans are OK. This commit doesn't introduce any parallel paths or plans; it just provides a way to determine whether they could potentially be used. I'm committing it on the theory that the remaining parallel sequential scan patches will also get committed to this release, hopefully in the not-too-distant future. Robert Haas and Amit Kapila. Reviewed (in earlier versions) by Noah Misch.
2015-09-16 21:38:47 +02:00
| PARALLEL { UNSAFE | RESTRICTED | SAFE }
Add COST and ROWS options to CREATE/ALTER FUNCTION, plus underlying pg_proc columns procost and prorows, to allow simple user adjustment of the estimated cost of a function call, as well as control of the estimated number of rows returned by a set-returning function. We might eventually wish to extend this to allow function-specific estimation routines, but there seems to be consensus that we should try a simple constant estimate first. In particular this provides a relatively simple way to control the order in which different WHERE clauses are applied in a plan node, which is a Good Thing in view of the fact that the recent EquivalenceClass planner rewrite made that much less predictable than before.
2007-01-22 02:35:23 +01:00
| COST <replaceable class="parameter">execution_cost</replaceable>
| ROWS <replaceable class="parameter">result_rows</replaceable>
Create the infrastructure for planner support functions. Rename/repurpose pg_proc.protransform as "prosupport". The idea is still that it names an internal function that provides knowledge to the planner about the behavior of the function it's attached to; but redesign the API specification so that it's not limited to doing just one thing, but can support an extensible set of requests. The original purpose of simplifying a function call is handled by the first request type to be invented, SupportRequestSimplify. Adjust all the existing transform functions to handle this API, and rename them fron "xxx_transform" to "xxx_support" to reflect the potential generalization of what they do. (Since we never previously provided any way for extensions to add transform functions, this change doesn't create an API break for them.) Also add DDL and pg_dump support for attaching a support function to a user-defined function. Unfortunately, DDL access has to be restricted to superusers, at least for now; but seeing that support functions will pretty much have to be written in C, that limitation is just theoretical. (This support is untested in this patch, but a follow-on patch will add cases that exercise it.) Discussion: https://postgr.es/m/15193.1548028093@sss.pgh.pa.us
2019-02-10 00:08:48 +01:00
| SUPPORT <replaceable class="parameter">support_function</replaceable>
Support SET FROM CURRENT in CREATE/ALTER FUNCTION, ALTER DATABASE, ALTER ROLE. (Actually, it works as a plain statement too, but I didn't document that because it seems a bit useless.) Unify VariableResetStmt with VariableSetStmt, and clean up some ancient cruft in the representation of same.
2007-09-03 20:46:30 +02:00
| SET <replaceable class="parameter">configuration_parameter</replaceable> { TO <replaceable class="parameter">value</replaceable> | = <replaceable class="parameter">value</replaceable> | FROM CURRENT }
Extend syntax of CREATE FUNCTION to resemble SQL99.
2002-05-17 20:32:52 +02:00
| AS '<replaceable class="parameter">definition</replaceable>'
| AS '<replaceable class="parameter">obj_file</replaceable>', '<replaceable class="parameter">link_symbol</replaceable>'
SQL-standard function body This adds support for writing CREATE FUNCTION and CREATE PROCEDURE statements for language SQL with a function body that conforms to the SQL standard and is portable to other implementations. Instead of the PostgreSQL-specific AS $$ string literal $$ syntax, this allows writing out the SQL statements making up the body unquoted, either as a single statement: CREATE FUNCTION add(a integer, b integer) RETURNS integer LANGUAGE SQL RETURN a + b; or as a block CREATE PROCEDURE insert_data(a integer, b integer) LANGUAGE SQL BEGIN ATOMIC INSERT INTO tbl VALUES (a); INSERT INTO tbl VALUES (b); END; The function body is parsed at function definition time and stored as expression nodes in a new pg_proc column prosqlbody. So at run time, no further parsing is required. However, this form does not support polymorphic arguments, because there is no more parse analysis done at call time. Dependencies between the function and the objects it uses are fully tracked. A new RETURN statement is introduced. This can only be used inside function bodies. Internally, it is treated much like a SELECT statement. psql needs some new intelligence to keep track of function body boundaries so that it doesn't send off statements when it sees semicolons that are inside a function body. Tested-by: Jaime Casanova <jcasanov@systemguards.com.ec> Reviewed-by: Julien Rouhaud <rjuju123@gmail.com> Discussion: https://www.postgresql.org/message-id/flat/1c11f1eb-f00c-43b7-799d-2d44132c02d7@2ndquadrant.com
2021-04-07 21:30:08 +02:00
| <replaceable class="parameter">sql_body</replaceable>
Extend syntax of CREATE FUNCTION to resemble SQL99.
2002-05-17 20:32:52 +02:00
} ...
Allow special '$libdir' macro to show up in object file path in CREATE FUNCTION command. Guard against trying to load a directory. Update documentation some.
2001-05-19 11:01:10 +02:00
</synopsis>
</refsynopsisdiv>
Code review for function default parameters patch. Fix numerous problems as per recent discussions. In passing this also fixes a couple of bugs in the previous variadic-parameters patch.
2008-12-18 19:20:35 +01:00
Allow special '$libdir' macro to show up in object file path in CREATE FUNCTION command. Guard against trying to load a directory. Update documentation some.
2001-05-19 11:01:10 +02:00
<refsect1 id="sql-createfunction-description">
<title>Description</title>
Fix markup for docbook2man man page generation. No big deal; fixed lots of other markup at the same time. Bigest change: make sure there is no whitespace in front of <term> contents. This will probably help the other output types too.
1999-07-06 19:16:42 +02:00
Allow special '$libdir' macro to show up in object file path in CREATE FUNCTION command. Guard against trying to load a directory. Update documentation some.
2001-05-19 11:01:10 +02:00
<para>
<command>CREATE FUNCTION</command> defines a new function.
Extend syntax of CREATE FUNCTION to resemble SQL99.
2002-05-17 20:32:52 +02:00
<command>CREATE OR REPLACE FUNCTION</command> will either create a
new function, or replace an existing definition.
Restructure CREATE FUNCTION "NOTES" section to be shorter; move items into proper sections, per suggestion from Tom.
2010-03-03 04:14:08 +01:00
To be able to define a function, the user must have the
<literal>USAGE</literal> privilege on the language.
</para>
More editing of reference pages.
2003-04-22 12:08:08 +02:00
<para>
If a schema name is included, then the function is created in the
specified schema. Otherwise it is created in the current schema.
SQL procedures This adds a new object type "procedure" that is similar to a function but does not have a return type and is invoked by the new CALL statement instead of SELECT or similar. This implementation is aligned with the SQL standard and compatible with or similar to other SQL implementations. This commit adds new commands CALL, CREATE/ALTER/DROP PROCEDURE, as well as ALTER/DROP ROUTINE that can refer to either a function or a procedure (or an aggregate function, as an extension to SQL). There is also support for procedures in various utility commands such as COMMENT and GRANT, as well as support in pg_dump and psql. Support for defining procedures is available in all the languages supplied by the core distribution. While this commit is mainly syntax sugar around existing functionality, future features will rely on having procedures as a separate object type. Reviewed-by: Andrew Dunstan <andrew.dunstan@2ndquadrant.com>
2017-11-30 14:46:13 +01:00
The name of the new function must not match any existing function or procedure
Implement SQL-spec RETURNS TABLE syntax for functions. (Unlike the original submission, this patch treats TABLE output parameters as being entirely equivalent to OUT parameters -- tgl) Pavel Stehule
2008-07-18 05:32:53 +02:00
with the same input argument types in the same schema. However,
SQL procedures This adds a new object type "procedure" that is similar to a function but does not have a return type and is invoked by the new CALL statement instead of SELECT or similar. This implementation is aligned with the SQL standard and compatible with or similar to other SQL implementations. This commit adds new commands CALL, CREATE/ALTER/DROP PROCEDURE, as well as ALTER/DROP ROUTINE that can refer to either a function or a procedure (or an aggregate function, as an extension to SQL). There is also support for procedures in various utility commands such as COMMENT and GRANT, as well as support in pg_dump and psql. Support for defining procedures is available in all the languages supplied by the core distribution. While this commit is mainly syntax sugar around existing functionality, future features will rely on having procedures as a separate object type. Reviewed-by: Andrew Dunstan <andrew.dunstan@2ndquadrant.com>
2017-11-30 14:46:13 +01:00
functions and procedures of different argument types can share a name (this is
Don't use SGML empty tags For DocBook XML compatibility, don't use SGML empty tags (</>) anymore, replace by the full tag name. Add a warning option to catch future occurrences. Alexander Lakhin, Jürgen Purtz
2017-10-09 03:44:17 +02:00
called <firstterm>overloading</firstterm>).
More editing of reference pages.
2003-04-22 12:08:08 +02:00
</para>
<para>
Add COST and ROWS options to CREATE/ALTER FUNCTION, plus underlying pg_proc columns procost and prorows, to allow simple user adjustment of the estimated cost of a function call, as well as control of the estimated number of rows returned by a set-returning function. We might eventually wish to extend this to allow function-specific estimation routines, but there seems to be consensus that we should try a simple constant estimate first. In particular this provides a relatively simple way to control the order in which different WHERE clauses are applied in a plan node, which is a Good Thing in view of the fact that the recent EquivalenceClass planner rewrite made that much less predictable than before.
2007-01-22 02:35:23 +01:00
To replace the current definition of an existing function, use
More editing of reference pages.
2003-04-22 12:08:08 +02:00
<command>CREATE OR REPLACE FUNCTION</command>. It is not possible
to change the name or argument types of a function this way (if you
Add documentation for the new "dollar quoting" feature, and update existing examples to use dollar quoting when appropriate. Original patch from David Fetter, additional work and editorializing by Neil Conway.
2004-05-17 01:22:08 +02:00
tried, you would actually be creating a new, distinct function).
Also, <command>CREATE OR REPLACE FUNCTION</command> will not let
you change the return type of an existing function. To do that,
Don't use SGML empty tags For DocBook XML compatibility, don't use SGML empty tags (</>) anymore, replace by the full tag name. Add a warning option to catch future occurrences. Alexander Lakhin, Jürgen Purtz
2017-10-09 03:44:17 +02:00
you must drop and recreate the function. (When using <literal>OUT</literal>
Support use of function argument names to identify which actual arguments match which function parameters. The syntax uses AS, for example funcname(value AS arg1, anothervalue AS arg2) Pavel Stehule
2009-10-08 04:39:25 +02:00
parameters, that means you cannot change the types of any
Don't use SGML empty tags For DocBook XML compatibility, don't use SGML empty tags (</>) anymore, replace by the full tag name. Add a warning option to catch future occurrences. Alexander Lakhin, Jürgen Purtz
2017-10-09 03:44:17 +02:00
<literal>OUT</literal> parameters except by dropping the function.)
More editing of reference pages.
2003-04-22 12:08:08 +02:00
</para>
Restructure CREATE FUNCTION "NOTES" section to be shorter; move items into proper sections, per suggestion from Tom.
2010-03-03 04:14:08 +01:00
<para>
Don't use SGML empty tags For DocBook XML compatibility, don't use SGML empty tags (</>) anymore, replace by the full tag name. Add a warning option to catch future occurrences. Alexander Lakhin, Jürgen Purtz
2017-10-09 03:44:17 +02:00
When <command>CREATE OR REPLACE FUNCTION</command> is used to replace an
Restructure CREATE FUNCTION "NOTES" section to be shorter; move items into proper sections, per suggestion from Tom.
2010-03-03 04:14:08 +01:00
existing function, the ownership and permissions of the function
do not change. All other function properties are assigned the
values specified or implied in the command. You must own the function
to replace it (this includes being a member of the owning role).
</para>
More editing of reference pages.
2003-04-22 12:08:08 +02:00
<para>
If you drop and then recreate a function, the new function is not
More minor updates and copy-editing.
2005-01-04 01:39:53 +01:00
the same entity as the old; you will have to drop existing rules, views,
triggers, etc. that refer to the old function. Use
More editing of reference pages.
2003-04-22 12:08:08 +02:00
<command>CREATE OR REPLACE FUNCTION</command> to change a function
definition without breaking objects that refer to the function.
Don't use SGML empty tags For DocBook XML compatibility, don't use SGML empty tags (</>) anymore, replace by the full tag name. Add a warning option to catch future occurrences. Alexander Lakhin, Jürgen Purtz
2017-10-09 03:44:17 +02:00
Also, <command>ALTER FUNCTION</command> can be used to change most of the
Implement function-local GUC parameter settings, as per recent discussion. There are still some loose ends: I didn't do anything about the SET FROM CURRENT idea yet, and it's not real clear whether we are happy with the interaction of SET LOCAL with function-local settings. The documentation is a bit spartan, too.
2007-09-03 02:39:26 +02:00
auxiliary properties of an existing function.
More editing of reference pages.
2003-04-22 12:08:08 +02:00
</para>
Extend syntax of CREATE FUNCTION to resemble SQL99.
2002-05-17 20:32:52 +02:00
<para>
The user that creates the function becomes the owner of the function.
</para>
Add support for privileges on types This adds support for the more or less SQL-conforming USAGE privilege on types and domains. The intent is to be able restrict which users can create dependencies on types, which restricts the way in which owners can alter types. reviewed by Yeb Havinga
2011-12-19 23:05:19 +01:00
<para>
To be able to create a function, you must have <literal>USAGE</literal>
privilege on the argument types and the return type.
</para>
Doc: improve introductory information about procedures. Clarify the discussion in "User-Defined Procedures", by laying out the key differences between functions and procedures in a bulleted list. Notably, this avoids burying the lede about procedures being able to do transaction control. Make the back-link in the CREATE FUNCTION reference page more prominent, and add one in CREATE PROCEDURE. Per gripe from Guyren Howe. Thanks to David Johnston for discussion. Discussion: https://postgr.es/m/BYAPR03MB4903C53A8BB7EFF5EA289674A6949@BYAPR03MB4903.namprd03.prod.outlook.com
2021-03-10 17:33:50 +01:00
<para>
Refer to <xref linkend="xfunc"/> for further information on writing
functions.
</para>
More editing of reference pages.
2003-04-22 12:08:08 +02:00
</refsect1>
<refsect1>
<title>Parameters</title>
Fix markup for docbook2man man page generation. No big deal; fixed lots of other markup at the same time. Bigest change: make sure there is no whitespace in front of <term> contents. This will probably help the other output types too.
1999-07-06 19:16:42 +02:00
Allow special '$libdir' macro to show up in object file path in CREATE FUNCTION command. Guard against trying to load a directory. Update documentation some.
2001-05-19 11:01:10 +02:00
<variablelist>
Fix markup for docbook2man man page generation. No big deal; fixed lots of other markup at the same time. Bigest change: make sure there is no whitespace in front of <term> contents. This will probably help the other output types too.
1999-07-06 19:16:42 +02:00
Allow special '$libdir' macro to show up in object file path in CREATE FUNCTION command. Guard against trying to load a directory. Update documentation some.
2001-05-19 11:01:10 +02:00
<varlistentry>
<term><replaceable class="parameter">name</replaceable></term>
<listitem>
<para>
Minor doc tweak: mention that function names can be optionally schema- qualified.
2004-09-16 06:16:08 +02:00
The name (optionally schema-qualified) of the function to create.
Allow special '$libdir' macro to show up in object file path in CREATE FUNCTION command. Guard against trying to load a directory. Update documentation some.
2001-05-19 11:01:10 +02:00
</para>
</listitem>
</varlistentry>
First phase of OUT-parameters project. We can now define and use SQL functions with OUT parameters. The various PLs still need work, as does pg_dump. Rudimentary docs and regression tests included.
2005-04-01 00:46:33 +02:00
<varlistentry>
<term><replaceable class="parameter">argmode</replaceable></term>
<listitem>
<para>
Don't use SGML empty tags For DocBook XML compatibility, don't use SGML empty tags (</>) anymore, replace by the full tag name. Add a warning option to catch future occurrences. Alexander Lakhin, Jürgen Purtz
2017-10-09 03:44:17 +02:00
The mode of an argument: <literal>IN</literal>, <literal>OUT</literal>,
<literal>INOUT</literal>, or <literal>VARIADIC</literal>.
If omitted, the default is <literal>IN</literal>.
Only <literal>OUT</literal> arguments can follow a <literal>VARIADIC</literal> one.
Also, <literal>OUT</literal> and <literal>INOUT</literal> arguments cannot be used
together with the <literal>RETURNS TABLE</literal> notation.
First phase of OUT-parameters project. We can now define and use SQL functions with OUT parameters. The various PLs still need work, as does pg_dump. Rudimentary docs and regression tests included.
2005-04-01 00:46:33 +02:00
</para>
</listitem>
</varlistentry>
Add argument name to syntax.
2004-06-25 09:05:34 +02:00
<varlistentry>
<term><replaceable class="parameter">argname</replaceable></term>
<listitem>
<para>
Further update CREATE FUNCTION documentation about argument names More languages than SQL and PL/pgSQL actually support parameter names.
2013-06-20 04:25:13 +02:00
The name of an argument. Some languages (including SQL and PL/pgSQL)
Update CREATE FUNCTION documentation about argument names. The 9.2 patch that added argument name support in SQL-language functions missed updating a parenthetical comment about that in the CREATE FUNCTION reference page. Noted by Erwin Brandstetter.
2013-05-11 18:07:47 +02:00
let you use the name in the function body. For other languages the
Support use of function argument names to identify which actual arguments match which function parameters. The syntax uses AS, for example funcname(value AS arg1, anothervalue AS arg2) Pavel Stehule
2009-10-08 04:39:25 +02:00
name of an input argument is just extra documentation, so far as
the function itself is concerned; but you can use input argument names
when calling a function to improve readability (see <xref
Convert documentation to DocBook XML Since some preparation work had already been done, the only source changes left were changing empty-element tags like <xref linkend="foo"> to <xref linkend="foo"/>, and changing the DOCTYPE. The source files are still named *.sgml, but they are actually XML files now. Renaming could be considered later. In the build system, the intermediate step to convert from SGML to XML is removed. Everything is build straight from the source files again. The OpenSP (or the old SP) package is no longer needed. The documentation toolchain instructions are updated and are much simpler now. Peter Eisentraut, Alexander Lakhin, Jürgen Purtz
2017-11-23 15:39:47 +01:00
linkend="sql-syntax-calling-funcs"/>). In any case, the name
Support use of function argument names to identify which actual arguments match which function parameters. The syntax uses AS, for example funcname(value AS arg1, anothervalue AS arg2) Pavel Stehule
2009-10-08 04:39:25 +02:00
of an output argument is significant, because it defines the column
First phase of OUT-parameters project. We can now define and use SQL functions with OUT parameters. The various PLs still need work, as does pg_dump. Rudimentary docs and regression tests included.
2005-04-01 00:46:33 +02:00
name in the result row type. (If you omit the name for an output
argument, the system will choose a default column name.)
Add argument name to syntax.
2004-06-25 09:05:34 +02:00
</para>
</listitem>
</varlistentry>
Allow special '$libdir' macro to show up in object file path in CREATE FUNCTION command. Guard against trying to load a directory. Update documentation some.
2001-05-19 11:01:10 +02:00
<varlistentry>
<term><replaceable class="parameter">argtype</replaceable></term>
<listitem>
<para>
Code review for function default parameters patch. Fix numerous problems as per recent discussions. In passing this also fixes a couple of bugs in the previous variadic-parameters patch.
2008-12-18 19:20:35 +01:00
The data type(s) of the function's arguments (optionally
Update reference documentation on may/can/might: Standard English uses "may", "can", and "might" in different ways: may - permission, "You may borrow my rake." can - ability, "I can lift that log." might - possibility, "It might rain today." Unfortunately, in conversational English, their use is often mixed, as in, "You may use this variable to do X", when in fact, "can" is a better choice. Similarly, "It may crash" is better stated, "It might crash".
2007-02-01 00:26:05 +01:00
schema-qualified), if any. The argument types can be base, composite,
or domain types, or can reference the type of a table column.
Minor doc patch: create function Gavin Sherry
2003-03-20 05:41:13 +01:00
</para>
<para>
Update reference documentation on may/can/might: Standard English uses "may", "can", and "might" in different ways: may - permission, "You may borrow my rake." can - ability, "I can lift that log." might - possibility, "It might rain today." Unfortunately, in conversational English, their use is often mixed, as in, "You may use this variable to do X", when in fact, "can" is a better choice. Similarly, "It may crash" is better stated, "It might crash".
2007-02-01 00:26:05 +01:00
Depending on the implementation language it might also be allowed
Don't use SGML empty tags For DocBook XML compatibility, don't use SGML empty tags (</>) anymore, replace by the full tag name. Add a warning option to catch future occurrences. Alexander Lakhin, Jürgen Purtz
2017-10-09 03:44:17 +02:00
to specify <quote>pseudo-types</quote> such as <type>cstring</type>.
Make UNKNOWN into an actual pseudo-type. Previously, type "unknown" was labeled as a base type in pg_type, which perhaps had some sense to it because you were allowed to create tables with unknown-type columns. But now that we don't allow that, it makes more sense to label it a pseudo-type. This has the additional effects of forbidding use of "unknown" as a domain base type, cast source or target type, PL function argument or result type, or plpgsql local variable type; all of which seem like good holes to plug. Discussion: https://postgr.es/m/CAH2L28uwwbL9HUM-WR=hromW1Cvamkn7O-g8fPY2m=_7muJ0oA@mail.gmail.com
2017-01-25 15:27:09 +01:00
Pseudo-types indicate that the actual argument type is either
Minor doc patch: create function Gavin Sherry
2003-03-20 05:41:13 +01:00
incompletely specified, or outside the set of ordinary SQL data types.
Allow special '$libdir' macro to show up in object file path in CREATE FUNCTION command. Guard against trying to load a directory. Update documentation some.
2001-05-19 11:01:10 +02:00
</para>
More minor updates and copy-editing.
2005-01-04 01:39:53 +01:00
<para>
The type of a column is referenced by writing
<literal><replaceable
Make the placeholder naming in the synopses of the SQL help more consistent
2009-09-19 12:23:27 +02:00
class="parameter">table_name</replaceable>.<replaceable
class="parameter">column_name</replaceable>%TYPE</literal>.
More minor updates and copy-editing.
2005-01-04 01:39:53 +01:00
Using this feature can sometimes help make a function independent of
changes to the definition of a table.
</para>
Allow special '$libdir' macro to show up in object file path in CREATE FUNCTION command. Guard against trying to load a directory. Update documentation some.
2001-05-19 11:01:10 +02:00
</listitem>
</varlistentry>
Default values for function arguments Pavel Stehule, with some tweaks by Peter Eisentraut
2008-12-04 18:51:28 +01:00
<varlistentry>
Make the placeholder naming in the synopses of the SQL help more consistent
2009-09-19 12:23:27 +02:00
<term><replaceable class="parameter">default_expr</replaceable></term>
Default values for function arguments Pavel Stehule, with some tweaks by Peter Eisentraut
2008-12-04 18:51:28 +01:00
<listitem>
<para>
An expression to be used as default value if the parameter is
Code review for function default parameters patch. Fix numerous problems as per recent discussions. In passing this also fixes a couple of bugs in the previous variadic-parameters patch.
2008-12-18 19:20:35 +01:00
not specified. The expression has to be coercible to the
argument type of the parameter.
Don't use SGML empty tags For DocBook XML compatibility, don't use SGML empty tags (</>) anymore, replace by the full tag name. Add a warning option to catch future occurrences. Alexander Lakhin, Jürgen Purtz
2017-10-09 03:44:17 +02:00
Only input (including <literal>INOUT</literal>) parameters can have a default
Code review for function default parameters patch. Fix numerous problems as per recent discussions. In passing this also fixes a couple of bugs in the previous variadic-parameters patch.
2008-12-18 19:20:35 +01:00
value. All input parameters following a
parameter with a default value must have default values as well.
Default values for function arguments Pavel Stehule, with some tweaks by Peter Eisentraut
2008-12-04 18:51:28 +01:00
</para>
</listitem>
</varlistentry>
Allow special '$libdir' macro to show up in object file path in CREATE FUNCTION command. Guard against trying to load a directory. Update documentation some.
2001-05-19 11:01:10 +02:00
<varlistentry>
<term><replaceable class="parameter">rettype</replaceable></term>
<listitem>
<para>
Code review for function default parameters patch. Fix numerous problems as per recent discussions. In passing this also fixes a couple of bugs in the previous variadic-parameters patch.
2008-12-18 19:20:35 +01:00
The return data type (optionally schema-qualified). The return type
Update reference documentation on may/can/might: Standard English uses "may", "can", and "might" in different ways: may - permission, "You may borrow my rake." can - ability, "I can lift that log." might - possibility, "It might rain today." Unfortunately, in conversational English, their use is often mixed, as in, "You may use this variable to do X", when in fact, "can" is a better choice. Similarly, "It may crash" is better stated, "It might crash".
2007-02-01 00:26:05 +01:00
can be a base, composite, or domain type,
or can reference the type of a table column.
Depending on the implementation language it might also be allowed
Don't use SGML empty tags For DocBook XML compatibility, don't use SGML empty tags (</>) anymore, replace by the full tag name. Add a warning option to catch future occurrences. Alexander Lakhin, Jürgen Purtz
2017-10-09 03:44:17 +02:00
to specify <quote>pseudo-types</quote> such as <type>cstring</type>.
Mention 'void' as the proper return type when there's nothing to return, per suggestion from Joachim Wieland.
2006-11-03 08:17:36 +01:00
If the function is not supposed to return a value, specify
Don't use SGML empty tags For DocBook XML compatibility, don't use SGML empty tags (</>) anymore, replace by the full tag name. Add a warning option to catch future occurrences. Alexander Lakhin, Jürgen Purtz
2017-10-09 03:44:17 +02:00
<type>void</type> as the return type.
More minor updates and copy-editing.
2005-01-04 01:39:53 +01:00
</para>
First phase of OUT-parameters project. We can now define and use SQL functions with OUT parameters. The various PLs still need work, as does pg_dump. Rudimentary docs and regression tests included.
2005-04-01 00:46:33 +02:00
<para>
Don't use SGML empty tags For DocBook XML compatibility, don't use SGML empty tags (</>) anymore, replace by the full tag name. Add a warning option to catch future occurrences. Alexander Lakhin, Jürgen Purtz
2017-10-09 03:44:17 +02:00
When there are <literal>OUT</literal> or <literal>INOUT</literal> parameters,
the <literal>RETURNS</literal> clause can be omitted. If present, it
First phase of OUT-parameters project. We can now define and use SQL functions with OUT parameters. The various PLs still need work, as does pg_dump. Rudimentary docs and regression tests included.
2005-04-01 00:46:33 +02:00
must agree with the result type implied by the output parameters:
Don't use SGML empty tags For DocBook XML compatibility, don't use SGML empty tags (</>) anymore, replace by the full tag name. Add a warning option to catch future occurrences. Alexander Lakhin, Jürgen Purtz
2017-10-09 03:44:17 +02:00
<literal>RECORD</literal> if there are multiple output parameters, or
First phase of OUT-parameters project. We can now define and use SQL functions with OUT parameters. The various PLs still need work, as does pg_dump. Rudimentary docs and regression tests included.
2005-04-01 00:46:33 +02:00
the same type as the single output parameter.
</para>
More minor updates and copy-editing.
2005-01-04 01:39:53 +01:00
<para>
More editing of reference pages.
2003-04-22 12:08:08 +02:00
The <literal>SETOF</literal>
Allow special '$libdir' macro to show up in object file path in CREATE FUNCTION command. Guard against trying to load a directory. Update documentation some.
2001-05-19 11:01:10 +02:00
modifier indicates that the function will return a set of
Add a bunch of pseudo-types to replace the behavior formerly associated with OPAQUE, as per recent pghackers discussion. I still want to do some more work on the 'cstring' pseudo-type, but I'm going to commit the bulk of the changes now before the tree starts shifting under me ...
2002-08-22 02:01:51 +02:00
items, rather than a single item.
Allow special '$libdir' macro to show up in object file path in CREATE FUNCTION command. Guard against trying to load a directory. Update documentation some.
2001-05-19 11:01:10 +02:00
</para>
More minor updates and copy-editing.
2005-01-04 01:39:53 +01:00
<para>
The type of a column is referenced by writing
<literal><replaceable
Make the placeholder naming in the synopses of the SQL help more consistent
2009-09-19 12:23:27 +02:00
class="parameter">table_name</replaceable>.<replaceable
class="parameter">column_name</replaceable>%TYPE</literal>.
More minor updates and copy-editing.
2005-01-04 01:39:53 +01:00
</para>
Allow special '$libdir' macro to show up in object file path in CREATE FUNCTION command. Guard against trying to load a directory. Update documentation some.
2001-05-19 11:01:10 +02:00
</listitem>
</varlistentry>
Implement SQL-spec RETURNS TABLE syntax for functions. (Unlike the original submission, this patch treats TABLE output parameters as being entirely equivalent to OUT parameters -- tgl) Pavel Stehule
2008-07-18 05:32:53 +02:00
<varlistentry>
Make the placeholder naming in the synopses of the SQL help more consistent
2009-09-19 12:23:27 +02:00
<term><replaceable class="parameter">column_name</replaceable></term>
Implement SQL-spec RETURNS TABLE syntax for functions. (Unlike the original submission, this patch treats TABLE output parameters as being entirely equivalent to OUT parameters -- tgl) Pavel Stehule
2008-07-18 05:32:53 +02:00
<listitem>
<para>
Don't use SGML empty tags For DocBook XML compatibility, don't use SGML empty tags (</>) anymore, replace by the full tag name. Add a warning option to catch future occurrences. Alexander Lakhin, Jürgen Purtz
2017-10-09 03:44:17 +02:00
The name of an output column in the <literal>RETURNS TABLE</literal>
Implement SQL-spec RETURNS TABLE syntax for functions. (Unlike the original submission, this patch treats TABLE output parameters as being entirely equivalent to OUT parameters -- tgl) Pavel Stehule
2008-07-18 05:32:53 +02:00
syntax. This is effectively another way of declaring a named
Don't use SGML empty tags For DocBook XML compatibility, don't use SGML empty tags (</>) anymore, replace by the full tag name. Add a warning option to catch future occurrences. Alexander Lakhin, Jürgen Purtz
2017-10-09 03:44:17 +02:00
<literal>OUT</literal> parameter, except that <literal>RETURNS TABLE</literal>
also implies <literal>RETURNS SETOF</literal>.
Implement SQL-spec RETURNS TABLE syntax for functions. (Unlike the original submission, this patch treats TABLE output parameters as being entirely equivalent to OUT parameters -- tgl) Pavel Stehule
2008-07-18 05:32:53 +02:00
</para>
</listitem>
</varlistentry>
<varlistentry>
Make the placeholder naming in the synopses of the SQL help more consistent
2009-09-19 12:23:27 +02:00
<term><replaceable class="parameter">column_type</replaceable></term>
Implement SQL-spec RETURNS TABLE syntax for functions. (Unlike the original submission, this patch treats TABLE output parameters as being entirely equivalent to OUT parameters -- tgl) Pavel Stehule
2008-07-18 05:32:53 +02:00
<listitem>
<para>
Don't use SGML empty tags For DocBook XML compatibility, don't use SGML empty tags (</>) anymore, replace by the full tag name. Add a warning option to catch future occurrences. Alexander Lakhin, Jürgen Purtz
2017-10-09 03:44:17 +02:00
The data type of an output column in the <literal>RETURNS TABLE</literal>
Implement SQL-spec RETURNS TABLE syntax for functions. (Unlike the original submission, this patch treats TABLE output parameters as being entirely equivalent to OUT parameters -- tgl) Pavel Stehule
2008-07-18 05:32:53 +02:00
syntax.
</para>
</listitem>
</varlistentry>
Extend syntax of CREATE FUNCTION to resemble SQL99.
2002-05-17 20:32:52 +02:00
<varlistentry>
Make the placeholder naming in the synopses of the SQL help more consistent
2009-09-19 12:23:27 +02:00
<term><replaceable class="parameter">lang_name</replaceable></term>
Extend syntax of CREATE FUNCTION to resemble SQL99.
2002-05-17 20:32:52 +02:00
<listitem>
<para>
The name of the language that the function is implemented in.
docs: improve CREATE FUNCTION docs about language case and quoting Report from Marc Mamin
2014-02-13 23:07:05 +01:00
It can be <literal>sql</literal>, <literal>c</literal>,
Extend syntax of CREATE FUNCTION to resemble SQL99.
2002-05-17 20:32:52 +02:00
<literal>internal</literal>, or the name of a user-defined
SQL-standard function body This adds support for writing CREATE FUNCTION and CREATE PROCEDURE statements for language SQL with a function body that conforms to the SQL standard and is portable to other implementations. Instead of the PostgreSQL-specific AS $$ string literal $$ syntax, this allows writing out the SQL statements making up the body unquoted, either as a single statement: CREATE FUNCTION add(a integer, b integer) RETURNS integer LANGUAGE SQL RETURN a + b; or as a block CREATE PROCEDURE insert_data(a integer, b integer) LANGUAGE SQL BEGIN ATOMIC INSERT INTO tbl VALUES (a); INSERT INTO tbl VALUES (b); END; The function body is parsed at function definition time and stored as expression nodes in a new pg_proc column prosqlbody. So at run time, no further parsing is required. However, this form does not support polymorphic arguments, because there is no more parse analysis done at call time. Dependencies between the function and the objects it uses are fully tracked. A new RETURN statement is introduced. This can only be used inside function bodies. Internally, it is treated much like a SELECT statement. psql needs some new intelligence to keep track of function body boundaries so that it doesn't send off statements when it sees semicolons that are inside a function body. Tested-by: Jaime Casanova <jcasanov@systemguards.com.ec> Reviewed-by: Julien Rouhaud <rjuju123@gmail.com> Discussion: https://www.postgresql.org/message-id/flat/1c11f1eb-f00c-43b7-799d-2d44132c02d7@2ndquadrant.com
2021-04-07 21:30:08 +02:00
procedural language, e.g., <literal>plpgsql</literal>. The default is
<literal>sql</literal> if <replaceable
class="parameter">sql_body</replaceable> is specified. Enclosing the
docs: improve CREATE FUNCTION docs about language case and quoting Report from Marc Mamin
2014-02-13 23:07:05 +01:00
name in single quotes is deprecated and requires matching case.
Extend syntax of CREATE FUNCTION to resemble SQL99.
2002-05-17 20:32:52 +02:00
</para>
</listitem>
Add a WINDOW attribute to CREATE FUNCTION, and teach pg_dump about it, so that user-defined window functions are possible. For the moment you'll have to write them in C, for lack of any interface to the WindowObject API in the available PLs, but it's better than no support at all. There was some debate about the best syntax for this. I ended up choosing the "it's an attribute" position --- the other approach will inevitably be more work, and the likely market for user-defined window functions is probably too small to justify it.
2008-12-31 03:25:06 +01:00
</varlistentry>
Add transforms feature This provides a mechanism for specifying conversions between SQL data types and procedural languages. As examples, there are transforms for hstore and ltree for PL/Perl and PL/Python. reviews by Pavel Stěhule and Andres Freund
2015-04-26 16:33:14 +02:00
<varlistentry>
<term><literal>TRANSFORM { FOR TYPE <replaceable class="parameter">type_name</replaceable> } [, ... ] }</literal></term>
<listitem>
<para>
Lists which transforms a call to the function should apply. Transforms
convert between SQL types and language-specific data types;
Convert documentation to DocBook XML Since some preparation work had already been done, the only source changes left were changing empty-element tags like <xref linkend="foo"> to <xref linkend="foo"/>, and changing the DOCTYPE. The source files are still named *.sgml, but they are actually XML files now. Renaming could be considered later. In the build system, the intermediate step to convert from SGML to XML is removed. Everything is build straight from the source files again. The OpenSP (or the old SP) package is no longer needed. The documentation toolchain instructions are updated and are much simpler now. Peter Eisentraut, Alexander Lakhin, Jürgen Purtz
2017-11-23 15:39:47 +01:00
see <xref linkend="sql-createtransform"/>. Procedural language
Add transforms feature This provides a mechanism for specifying conversions between SQL data types and procedural languages. As examples, there are transforms for hstore and ltree for PL/Perl and PL/Python. reviews by Pavel Stěhule and Andres Freund
2015-04-26 16:33:14 +02:00
implementations usually have hardcoded knowledge of the built-in types,
so those don't need to be listed here. If a procedural language
implementation does not know how to handle a type and no transform is
supplied, it will fall back to a default behavior for converting data
types, but this depends on the implementation.
</para>
</listitem>
</varlistentry>
Add a WINDOW attribute to CREATE FUNCTION, and teach pg_dump about it, so that user-defined window functions are possible. For the moment you'll have to write them in C, for lack of any interface to the WindowObject API in the available PLs, but it's better than no support at all. There was some debate about the best syntax for this. I ended up choosing the "it's an attribute" position --- the other approach will inevitably be more work, and the likely market for user-defined window functions is probably too small to justify it.
2008-12-31 03:25:06 +01:00
<varlistentry>
<term><literal>WINDOW</literal></term>
<listitem>
Fix a whitespace issue with the man pages There is what may actually be a mistake in our markup. The problem is in a situation like <para> <command>FOO</command> is ... there is strictly speaking a line break before "FOO". In the HTML output, this does not appear to be a problem, but in the man page output, this shows up, so you get double blank lines at odd places. So far, we have attempted to work around this with an XSL hack, but that causes other problems, such as creating run-ins in places like <acronym>SQL</acronym> <command>COPY</command> So fix the problem properly by removing the extra whitespace. I only fixed the problems that affect the man page output, not all the places.
2011-08-07 09:49:45 +02:00
<para><literal>WINDOW</literal> indicates that the function is a
Don't use SGML empty tags For DocBook XML compatibility, don't use SGML empty tags (</>) anymore, replace by the full tag name. Add a warning option to catch future occurrences. Alexander Lakhin, Jürgen Purtz
2017-10-09 03:44:17 +02:00
<firstterm>window function</firstterm> rather than a plain function.
Add a WINDOW attribute to CREATE FUNCTION, and teach pg_dump about it, so that user-defined window functions are possible. For the moment you'll have to write them in C, for lack of any interface to the WindowObject API in the available PLs, but it's better than no support at all. There was some debate about the best syntax for this. I ended up choosing the "it's an attribute" position --- the other approach will inevitably be more work, and the likely market for user-defined window functions is probably too small to justify it.
2008-12-31 03:25:06 +01:00
This is currently only useful for functions written in C.
Don't use SGML empty tags For DocBook XML compatibility, don't use SGML empty tags (</>) anymore, replace by the full tag name. Add a warning option to catch future occurrences. Alexander Lakhin, Jürgen Purtz
2017-10-09 03:44:17 +02:00
The <literal>WINDOW</literal> attribute cannot be changed when
Add a WINDOW attribute to CREATE FUNCTION, and teach pg_dump about it, so that user-defined window functions are possible. For the moment you'll have to write them in C, for lack of any interface to the WindowObject API in the available PLs, but it's better than no support at all. There was some debate about the best syntax for this. I ended up choosing the "it's an attribute" position --- the other approach will inevitably be more work, and the likely market for user-defined window functions is probably too small to justify it.
2008-12-31 03:25:06 +01:00
replacing an existing function definition.
</para>
</listitem>
Extend syntax of CREATE FUNCTION to resemble SQL99.
2002-05-17 20:32:52 +02:00
</varlistentry>
<varlistentry>
More editing of reference pages.
2003-04-22 12:08:08 +02:00
<term><literal>IMMUTABLE</literal></term>
<term><literal>STABLE</literal></term>
<term><literal>VOLATILE</literal></term>
Extend syntax of CREATE FUNCTION to resemble SQL99.
2002-05-17 20:32:52 +02:00
<listitem>
<para>
Emphasize that immutable and stable functions are not allowed to modify the database. xfunc.sgml was already pretty definite on the point, but it doesn't hurt to make it clear here too.
2006-11-10 21:52:18 +01:00
These attributes inform the query optimizer about the behavior
of the function. At most one choice
Update reference documentation on may/can/might: Standard English uses "may", "can", and "might" in different ways: may - permission, "You may borrow my rake." can - ability, "I can lift that log." might - possibility, "It might rain today." Unfortunately, in conversational English, their use is often mixed, as in, "You may use this variable to do X", when in fact, "can" is a better choice. Similarly, "It may crash" is better stated, "It might crash".
2007-02-01 00:26:05 +01:00
can be specified. If none of these appear,
Extend syntax of CREATE FUNCTION to resemble SQL99.
2002-05-17 20:32:52 +02:00
<literal>VOLATILE</literal> is the default assumption.
</para>
Fix a whitespace issue with the man pages There is what may actually be a mistake in our markup. The problem is in a situation like <para> <command>FOO</command> is ... there is strictly speaking a line break before "FOO". In the HTML output, this does not appear to be a problem, but in the man page output, this shows up, so you get double blank lines at odd places. So far, we have attempted to work around this with an XSL hack, but that causes other problems, such as creating run-ins in places like <acronym>SQL</acronym> <command>COPY</command> So fix the problem properly by removing the extra whitespace. I only fixed the problems that affect the man page output, not all the places.
2011-08-07 09:49:45 +02:00
<para><literal>IMMUTABLE</literal> indicates that the function
Emphasize that immutable and stable functions are not allowed to modify the database. xfunc.sgml was already pretty definite on the point, but it doesn't hurt to make it clear here too.
2006-11-10 21:52:18 +01:00
cannot modify the database and always
Extend syntax of CREATE FUNCTION to resemble SQL99.
2002-05-17 20:32:52 +02:00
returns the same result when given the same argument values; that
is, it does not do database lookups or otherwise use information not
More editing of reference pages.
2003-04-22 12:08:08 +02:00
directly present in its argument list. If this option is given,
Extend syntax of CREATE FUNCTION to resemble SQL99.
2002-05-17 20:32:52 +02:00
any call of the function with all-constant arguments can be
immediately replaced with the function value.
</para>
Fix a whitespace issue with the man pages There is what may actually be a mistake in our markup. The problem is in a situation like <para> <command>FOO</command> is ... there is strictly speaking a line break before "FOO". In the HTML output, this does not appear to be a problem, but in the man page output, this shows up, so you get double blank lines at odd places. So far, we have attempted to work around this with an XSL hack, but that causes other problems, such as creating run-ins in places like <acronym>SQL</acronym> <command>COPY</command> So fix the problem properly by removing the extra whitespace. I only fixed the problems that affect the man page output, not all the places.
2011-08-07 09:49:45 +02:00
<para><literal>STABLE</literal> indicates that the function
Emphasize that immutable and stable functions are not allowed to modify the database. xfunc.sgml was already pretty definite on the point, but it doesn't hurt to make it clear here too.
2006-11-10 21:52:18 +01:00
cannot modify the database,
and that within a single table scan it will consistently
Extend syntax of CREATE FUNCTION to resemble SQL99.
2002-05-17 20:32:52 +02:00
return the same result for the same argument values, but that its
result could change across SQL statements. This is the appropriate
selection for functions whose results depend on database lookups,
Document that after triggers that need to see changed rows should not be marked stable.
2010-02-25 23:24:00 +01:00
parameter variables (such as the current time zone), etc. (It is
Don't use SGML empty tags For DocBook XML compatibility, don't use SGML empty tags (</>) anymore, replace by the full tag name. Add a warning option to catch future occurrences. Alexander Lakhin, Jürgen Purtz
2017-10-09 03:44:17 +02:00
inappropriate for <literal>AFTER</literal> triggers that wish to
Document that after triggers that need to see changed rows should not be marked stable.
2010-02-25 23:24:00 +01:00
query rows modified by the current command.) Also note
Don't use SGML empty tags For DocBook XML compatibility, don't use SGML empty tags (</>) anymore, replace by the full tag name. Add a warning option to catch future occurrences. Alexander Lakhin, Jürgen Purtz
2017-10-09 03:44:17 +02:00
that the <function>current_timestamp</function> family of functions qualify
Extend syntax of CREATE FUNCTION to resemble SQL99.
2002-05-17 20:32:52 +02:00
as stable, since their values do not change within a transaction.
</para>
Fix a whitespace issue with the man pages There is what may actually be a mistake in our markup. The problem is in a situation like <para> <command>FOO</command> is ... there is strictly speaking a line break before "FOO". In the HTML output, this does not appear to be a problem, but in the man page output, this shows up, so you get double blank lines at odd places. So far, we have attempted to work around this with an XSL hack, but that causes other problems, such as creating run-ins in places like <acronym>SQL</acronym> <command>COPY</command> So fix the problem properly by removing the extra whitespace. I only fixed the problems that affect the man page output, not all the places.
2011-08-07 09:49:45 +02:00
<para><literal>VOLATILE</literal> indicates that the function value can
Extend syntax of CREATE FUNCTION to resemble SQL99.
2002-05-17 20:32:52 +02:00
change even within a single table scan, so no optimizations can be
made. Relatively few database functions are volatile in this sense;
Don't use SGML empty tags For DocBook XML compatibility, don't use SGML empty tags (</>) anymore, replace by the full tag name. Add a warning option to catch future occurrences. Alexander Lakhin, Jürgen Purtz
2017-10-09 03:44:17 +02:00
some examples are <literal>random()</literal>, <literal>currval()</literal>,
<literal>timeofday()</literal>. But note that any function that has
Make an editorial pass over the reference pages.
2005-11-01 22:09:51 +01:00
side-effects must be classified volatile, even if its result is quite
predictable, to prevent calls from being optimized away; an example is
Don't use SGML empty tags For DocBook XML compatibility, don't use SGML empty tags (</>) anymore, replace by the full tag name. Add a warning option to catch future occurrences. Alexander Lakhin, Jürgen Purtz
2017-10-09 03:44:17 +02:00
<literal>setval()</literal>.
Extend syntax of CREATE FUNCTION to resemble SQL99.
2002-05-17 20:32:52 +02:00
</para>
Redesign query-snapshot timing so that volatile functions in READ COMMITTED mode see a fresh snapshot for each command in the function, rather than using the latest interactive command's snapshot. Also, suppress fresh snapshots as well as CommandCounterIncrement inside STABLE and IMMUTABLE functions, instead using the snapshot taken for the most closely nested regular query. (This behavior is only sane for read-only functions, so the patch also enforces that such functions contain only SELECT commands.) As per my proposal of 6-Sep-2004; I note that I floated essentially the same proposal on 19-Jun-2002, but that discussion tailed off without any action. Since 8.0 seems like the right place to be taking possibly nontrivial backwards compatibility hits, let's get it done now.
2004-09-13 22:10:13 +02:00
<para>
Convert documentation to DocBook XML Since some preparation work had already been done, the only source changes left were changing empty-element tags like <xref linkend="foo"> to <xref linkend="foo"/>, and changing the DOCTYPE. The source files are still named *.sgml, but they are actually XML files now. Renaming could be considered later. In the build system, the intermediate step to convert from SGML to XML is removed. Everything is build straight from the source files again. The OpenSP (or the old SP) package is no longer needed. The documentation toolchain instructions are updated and are much simpler now. Peter Eisentraut, Alexander Lakhin, Jürgen Purtz
2017-11-23 15:39:47 +01:00
For additional details see <xref linkend="xfunc-volatility"/>.
Redesign query-snapshot timing so that volatile functions in READ COMMITTED mode see a fresh snapshot for each command in the function, rather than using the latest interactive command's snapshot. Also, suppress fresh snapshots as well as CommandCounterIncrement inside STABLE and IMMUTABLE functions, instead using the snapshot taken for the most closely nested regular query. (This behavior is only sane for read-only functions, so the patch also enforces that such functions contain only SELECT commands.) As per my proposal of 6-Sep-2004; I note that I floated essentially the same proposal on 19-Jun-2002, but that discussion tailed off without any action. Since 8.0 seems like the right place to be taking possibly nontrivial backwards compatibility hits, let's get it done now.
2004-09-13 22:10:13 +02:00
</para>
Extend syntax of CREATE FUNCTION to resemble SQL99.
2002-05-17 20:32:52 +02:00
</listitem>
</varlistentry>
Allow LEAKPROOF functions for better performance of security views. We don't normally allow quals to be pushed down into a view created with the security_barrier option, but functions without side effects are an exception: they're OK. This allows much better performance in common cases, such as when using an equality operator (that might even be indexable). There is an outstanding issue here with the CREATE FUNCTION / ALTER FUNCTION syntax: there's no way to use ALTER FUNCTION to unset the leakproof flag. But I'm committing this as-is so that it doesn't have to be rebased again; we can fix up the grammar in a future commit. KaiGai Kohei, with some wordsmithing by me.
2012-02-14 04:20:27 +01:00
<varlistentry>
<term><literal>LEAKPROOF</literal></term>
<listitem>
<para>
<literal>LEAKPROOF</literal> indicates that the function has no side
effects. It reveals no information about its arguments other than by
its return value. For example, a function which throws an error message
for some argument values but not others, or which includes the argument
Improve CREATE FUNCTION doc WRT to LEAKPROOF RLS interaction. Patch by Dean Rasheed. Back-patched to 9.5 where RLS was introduced.
2015-07-30 19:16:36 +02:00
values in any error message, is not leakproof. This affects how the
system executes queries against views created with the
<literal>security_barrier</literal> option or tables with row level
security enabled. The system will enforce conditions from security
policies and security barrier views before any user-supplied conditions
from the query itself that contain non-leakproof functions, in order to
prevent the inadvertent exposure of data. Functions and operators
marked as leakproof are assumed to be trustworthy, and may be executed
before conditions from security policies and security barrier views.
doc: Spell checking
2015-09-11 03:22:21 +02:00
In addition, functions which do not take arguments or which are not
Improve CREATE FUNCTION doc WRT to LEAKPROOF RLS interaction. Patch by Dean Rasheed. Back-patched to 9.5 where RLS was introduced.
2015-07-30 19:16:36 +02:00
passed any arguments from the security barrier view or table do not have
to be marked as leakproof to be executed before security conditions. See
Convert documentation to DocBook XML Since some preparation work had already been done, the only source changes left were changing empty-element tags like <xref linkend="foo"> to <xref linkend="foo"/>, and changing the DOCTYPE. The source files are still named *.sgml, but they are actually XML files now. Renaming could be considered later. In the build system, the intermediate step to convert from SGML to XML is removed. Everything is build straight from the source files again. The OpenSP (or the old SP) package is no longer needed. The documentation toolchain instructions are updated and are much simpler now. Peter Eisentraut, Alexander Lakhin, Jürgen Purtz
2017-11-23 15:39:47 +01:00
<xref linkend="sql-createview"/> and <xref linkend="rules-privileges"/>.
Allow LEAKPROOF functions for better performance of security views. We don't normally allow quals to be pushed down into a view created with the security_barrier option, but functions without side effects are an exception: they're OK. This allows much better performance in common cases, such as when using an equality operator (that might even be indexable). There is an outstanding issue here with the CREATE FUNCTION / ALTER FUNCTION syntax: there's no way to use ALTER FUNCTION to unset the leakproof flag. But I'm committing this as-is so that it doesn't have to be rebased again; we can fix up the grammar in a future commit. KaiGai Kohei, with some wordsmithing by me.
2012-02-14 04:20:27 +01:00
This option can only be set by the superuser.
</para>
</listitem>
</varlistentry>
Extend syntax of CREATE FUNCTION to resemble SQL99.
2002-05-17 20:32:52 +02:00
<varlistentry>
More editing of reference pages.
2003-04-22 12:08:08 +02:00
<term><literal>CALLED ON NULL INPUT</literal></term>
<term><literal>RETURNS NULL ON NULL INPUT</literal></term>
<term><literal>STRICT</literal></term>
Extend syntax of CREATE FUNCTION to resemble SQL99.
2002-05-17 20:32:52 +02:00
<listitem>
Fix a whitespace issue with the man pages There is what may actually be a mistake in our markup. The problem is in a situation like <para> <command>FOO</command> is ... there is strictly speaking a line break before "FOO". In the HTML output, this does not appear to be a problem, but in the man page output, this shows up, so you get double blank lines at odd places. So far, we have attempted to work around this with an XSL hack, but that causes other problems, such as creating run-ins in places like <acronym>SQL</acronym> <command>COPY</command> So fix the problem properly by removing the extra whitespace. I only fixed the problems that affect the man page output, not all the places.
2011-08-07 09:49:45 +02:00
<para><literal>CALLED ON NULL INPUT</literal> (the default) indicates
Extend syntax of CREATE FUNCTION to resemble SQL99.
2002-05-17 20:32:52 +02:00
that the function will be called normally when some of its
arguments are null. It is then the function author's
Add more appropriate markup.
2002-09-21 20:32:54 +02:00
responsibility to check for null values if necessary and respond
Extend syntax of CREATE FUNCTION to resemble SQL99.
2002-05-17 20:32:52 +02:00
appropriately.
</para>
Fix a whitespace issue with the man pages There is what may actually be a mistake in our markup. The problem is in a situation like <para> <command>FOO</command> is ... there is strictly speaking a line break before "FOO". In the HTML output, this does not appear to be a problem, but in the man page output, this shows up, so you get double blank lines at odd places. So far, we have attempted to work around this with an XSL hack, but that causes other problems, such as creating run-ins in places like <acronym>SQL</acronym> <command>COPY</command> So fix the problem properly by removing the extra whitespace. I only fixed the problems that affect the man page output, not all the places.
2011-08-07 09:49:45 +02:00
<para><literal>RETURNS NULL ON NULL INPUT</literal> or
Extend syntax of CREATE FUNCTION to resemble SQL99.
2002-05-17 20:32:52 +02:00
<literal>STRICT</literal> indicates that the function always
More editing of reference pages.
2003-04-22 12:08:08 +02:00
returns null whenever any of its arguments are null. If this
Extend syntax of CREATE FUNCTION to resemble SQL99.
2002-05-17 20:32:52 +02:00
parameter is specified, the function is not executed when there
More editing of reference pages.
2003-04-22 12:08:08 +02:00
are null arguments; instead a null result is assumed
Extend syntax of CREATE FUNCTION to resemble SQL99.
2002-05-17 20:32:52 +02:00
automatically.
</para>
</listitem>
</varlistentry>
Allow functions to be executed with the privileges of the function owner. I took the opportunity to remove the pg_proc.proistrusted field.
2002-05-18 15:48:01 +02:00
<varlistentry>
More editing of reference pages.
2003-04-22 12:08:08 +02:00
<term><literal><optional>EXTERNAL</optional> SECURITY INVOKER</literal></term>
<term><literal><optional>EXTERNAL</optional> SECURITY DEFINER</literal></term>
Allow functions to be executed with the privileges of the function owner. I took the opportunity to remove the pg_proc.proistrusted field.
2002-05-18 15:48:01 +02:00
<listitem>
Fix a whitespace issue with the man pages There is what may actually be a mistake in our markup. The problem is in a situation like <para> <command>FOO</command> is ... there is strictly speaking a line break before "FOO". In the HTML output, this does not appear to be a problem, but in the man page output, this shows up, so you get double blank lines at odd places. So far, we have attempted to work around this with an XSL hack, but that causes other problems, such as creating run-ins in places like <acronym>SQL</acronym> <command>COPY</command> So fix the problem properly by removing the extra whitespace. I only fixed the problems that affect the man page output, not all the places.
2011-08-07 09:49:45 +02:00
<para><literal>SECURITY INVOKER</literal> indicates that the function
Allow functions to be executed with the privileges of the function owner. I took the opportunity to remove the pg_proc.proistrusted field.
2002-05-18 15:48:01 +02:00
is to be executed with the privileges of the user that calls it.
That is the default. <literal>SECURITY DEFINER</literal>
specifies that the function is to be executed with the
Assorted improvements to SECURITY DEFINER functions documentation. Add a cross-reference from the part of the page that introdues SECURITY INVOKER and SECURITY DEFINER to the part of the page that talks about writing SECURITY DEFINER functions safely, so that users are less likely to miss it. Remove discussion of the pre-8.3 behavior on the theory that it's probably not very relevant any more, that release having gone out of support nearly a decade ago. Add a mention of the new createrole_self_grant GUC, which in certain cases might need to be set to a safe value to avoid unexpected consequences. Possibly this section needs major surgery rather than just these small tweaks, but hopefully this is at least a small step forward. Discussion: http://postgr.es/m/CA+Tgmoauqd1cHQjsNEoxL5O-kEO4iC9dAPyCudSvmNqPJGmy9g@mail.gmail.com
2023-01-16 16:49:59 +01:00
privileges of the user that owns it. For information on how to
write <literal>SECURITY DEFINER</literal> functions safely,
<link linkend="sql-createfunction-security">see below</link>.
Allow functions to be executed with the privileges of the function owner. I took the opportunity to remove the pg_proc.proistrusted field.
2002-05-18 15:48:01 +02:00
</para>
<para>
Make an editorial pass over the reference pages.
2005-11-01 22:09:51 +01:00
The key word <literal>EXTERNAL</literal> is allowed for SQL
conformance, but it is optional since, unlike in SQL, this feature
applies to all functions not only external ones.
Allow functions to be executed with the privileges of the function owner. I took the opportunity to remove the pg_proc.proistrusted field.
2002-05-18 15:48:01 +02:00
</para>
</listitem>
</varlistentry>
Determine whether it's safe to attempt a parallel plan for a query. Commit 924bcf4f16d54c55310b28f77686608684734f42 introduced a framework for parallel computation in PostgreSQL that makes most but not all built-in functions safe to execute in parallel mode. In order to have parallel query, we'll need to be able to determine whether that query contains functions (either built-in or user-defined) that cannot be safely executed in parallel mode. This requires those functions to be labeled, so this patch introduces an infrastructure for that. Some functions currently labeled as safe may need to be revised depending on how pending issues related to heavyweight locking under paralllelism are resolved. Parallel plans can't be used except for the case where the query will run to completion. If portal execution were suspended, the parallel mode restrictions would need to remain in effect during that time, but that might make other queries fail. Therefore, this patch introduces a framework that enables consideration of parallel plans only when it is known that the plan will be run to completion. This probably needs some refinement; for example, at bind time, we do not know whether a query run via the extended protocol will be execution to completion or run with a limited fetch count. Having the client indicate its intentions at bind time would constitute a wire protocol break. Some contexts in which parallel mode would be safe are not adjusted by this patch; the default is not to try parallel plans except from call sites that have been updated to say that such plans are OK. This commit doesn't introduce any parallel paths or plans; it just provides a way to determine whether they could potentially be used. I'm committing it on the theory that the remaining parallel sequential scan patches will also get committed to this release, hopefully in the not-too-distant future. Robert Haas and Amit Kapila. Reviewed (in earlier versions) by Noah Misch.
2015-09-16 21:38:47 +02:00
<varlistentry>
<term><literal>PARALLEL</literal></term>
<listitem>
Allow "internal" subtransactions in parallel mode. Allow use of BeginInternalSubTransaction() in parallel mode, so long as the subtransaction doesn't attempt to acquire an XID or increment the command counter. Given those restrictions, the other parallel processes don't need to know about the subtransaction at all, so this should be safe. The benefit is that it allows subtransactions intended for error recovery, such as pl/pgsql exception blocks, to be used in PARALLEL SAFE functions. Another reason for doing this is that the API of BeginInternalSubTransaction() doesn't allow reporting failure. pl/python for one, and perhaps other PLs, copes very poorly with an error longjmp out of BeginInternalSubTransaction(). The headline feature of this patch removes the only easily-triggerable failure case within that function. There remain some resource-exhaustion and similar cases, which we now deal with by promoting them to FATAL errors, so that callers need not try to clean up. (It is likely that such errors would leave us with corrupted transaction state inside xact.c, making recovery difficult if not impossible anyway.) Although this work started because of a report of a pl/python crash, we're not going to do anything about that in the back branches. Back-patching this particular fix is obviously not very wise. While we could contemplate some narrower band-aid, pl/python is already an untrusted language, so it seems okay to classify this as a "so don't do that" case. Patch by me, per report from Hao Zhang. Thanks to Robert Haas for review. Discussion: https://postgr.es/m/CALY6Dr-2yLVeVPhNMhuBnRgOZo1UjoTETgtKBx1B2gUi8yy+3g@mail.gmail.com
2024-03-28 17:43:10 +01:00
<para>
<literal>PARALLEL UNSAFE</literal> indicates that the function
can't be executed in parallel mode; the presence of such a
Determine whether it's safe to attempt a parallel plan for a query. Commit 924bcf4f16d54c55310b28f77686608684734f42 introduced a framework for parallel computation in PostgreSQL that makes most but not all built-in functions safe to execute in parallel mode. In order to have parallel query, we'll need to be able to determine whether that query contains functions (either built-in or user-defined) that cannot be safely executed in parallel mode. This requires those functions to be labeled, so this patch introduces an infrastructure for that. Some functions currently labeled as safe may need to be revised depending on how pending issues related to heavyweight locking under paralllelism are resolved. Parallel plans can't be used except for the case where the query will run to completion. If portal execution were suspended, the parallel mode restrictions would need to remain in effect during that time, but that might make other queries fail. Therefore, this patch introduces a framework that enables consideration of parallel plans only when it is known that the plan will be run to completion. This probably needs some refinement; for example, at bind time, we do not know whether a query run via the extended protocol will be execution to completion or run with a limited fetch count. Having the client indicate its intentions at bind time would constitute a wire protocol break. Some contexts in which parallel mode would be safe are not adjusted by this patch; the default is not to try parallel plans except from call sites that have been updated to say that such plans are OK. This commit doesn't introduce any parallel paths or plans; it just provides a way to determine whether they could potentially be used. I'm committing it on the theory that the remaining parallel sequential scan patches will also get committed to this release, hopefully in the not-too-distant future. Robert Haas and Amit Kapila. Reviewed (in earlier versions) by Noah Misch.
2015-09-16 21:38:47 +02:00
function in an SQL statement forces a serial execution plan. This is
the default. <literal>PARALLEL RESTRICTED</literal> indicates that
Allow "internal" subtransactions in parallel mode. Allow use of BeginInternalSubTransaction() in parallel mode, so long as the subtransaction doesn't attempt to acquire an XID or increment the command counter. Given those restrictions, the other parallel processes don't need to know about the subtransaction at all, so this should be safe. The benefit is that it allows subtransactions intended for error recovery, such as pl/pgsql exception blocks, to be used in PARALLEL SAFE functions. Another reason for doing this is that the API of BeginInternalSubTransaction() doesn't allow reporting failure. pl/python for one, and perhaps other PLs, copes very poorly with an error longjmp out of BeginInternalSubTransaction(). The headline feature of this patch removes the only easily-triggerable failure case within that function. There remain some resource-exhaustion and similar cases, which we now deal with by promoting them to FATAL errors, so that callers need not try to clean up. (It is likely that such errors would leave us with corrupted transaction state inside xact.c, making recovery difficult if not impossible anyway.) Although this work started because of a report of a pl/python crash, we're not going to do anything about that in the back branches. Back-patching this particular fix is obviously not very wise. While we could contemplate some narrower band-aid, pl/python is already an untrusted language, so it seems okay to classify this as a "so don't do that" case. Patch by me, per report from Hao Zhang. Thanks to Robert Haas for review. Discussion: https://postgr.es/m/CALY6Dr-2yLVeVPhNMhuBnRgOZo1UjoTETgtKBx1B2gUi8yy+3g@mail.gmail.com
2024-03-28 17:43:10 +01:00
the function can be executed in parallel mode, but only in the parallel
group leader process. <literal>PARALLEL SAFE</literal>
Determine whether it's safe to attempt a parallel plan for a query. Commit 924bcf4f16d54c55310b28f77686608684734f42 introduced a framework for parallel computation in PostgreSQL that makes most but not all built-in functions safe to execute in parallel mode. In order to have parallel query, we'll need to be able to determine whether that query contains functions (either built-in or user-defined) that cannot be safely executed in parallel mode. This requires those functions to be labeled, so this patch introduces an infrastructure for that. Some functions currently labeled as safe may need to be revised depending on how pending issues related to heavyweight locking under paralllelism are resolved. Parallel plans can't be used except for the case where the query will run to completion. If portal execution were suspended, the parallel mode restrictions would need to remain in effect during that time, but that might make other queries fail. Therefore, this patch introduces a framework that enables consideration of parallel plans only when it is known that the plan will be run to completion. This probably needs some refinement; for example, at bind time, we do not know whether a query run via the extended protocol will be execution to completion or run with a limited fetch count. Having the client indicate its intentions at bind time would constitute a wire protocol break. Some contexts in which parallel mode would be safe are not adjusted by this patch; the default is not to try parallel plans except from call sites that have been updated to say that such plans are OK. This commit doesn't introduce any parallel paths or plans; it just provides a way to determine whether they could potentially be used. I'm committing it on the theory that the remaining parallel sequential scan patches will also get committed to this release, hopefully in the not-too-distant future. Robert Haas and Amit Kapila. Reviewed (in earlier versions) by Noah Misch.
2015-09-16 21:38:47 +02:00
indicates that the function is safe to run in parallel mode without
Allow "internal" subtransactions in parallel mode. Allow use of BeginInternalSubTransaction() in parallel mode, so long as the subtransaction doesn't attempt to acquire an XID or increment the command counter. Given those restrictions, the other parallel processes don't need to know about the subtransaction at all, so this should be safe. The benefit is that it allows subtransactions intended for error recovery, such as pl/pgsql exception blocks, to be used in PARALLEL SAFE functions. Another reason for doing this is that the API of BeginInternalSubTransaction() doesn't allow reporting failure. pl/python for one, and perhaps other PLs, copes very poorly with an error longjmp out of BeginInternalSubTransaction(). The headline feature of this patch removes the only easily-triggerable failure case within that function. There remain some resource-exhaustion and similar cases, which we now deal with by promoting them to FATAL errors, so that callers need not try to clean up. (It is likely that such errors would leave us with corrupted transaction state inside xact.c, making recovery difficult if not impossible anyway.) Although this work started because of a report of a pl/python crash, we're not going to do anything about that in the back branches. Back-patching this particular fix is obviously not very wise. While we could contemplate some narrower band-aid, pl/python is already an untrusted language, so it seems okay to classify this as a "so don't do that" case. Patch by me, per report from Hao Zhang. Thanks to Robert Haas for review. Discussion: https://postgr.es/m/CALY6Dr-2yLVeVPhNMhuBnRgOZo1UjoTETgtKBx1B2gUi8yy+3g@mail.gmail.com
2024-03-28 17:43:10 +01:00
restriction, including in parallel worker processes.
Determine whether it's safe to attempt a parallel plan for a query. Commit 924bcf4f16d54c55310b28f77686608684734f42 introduced a framework for parallel computation in PostgreSQL that makes most but not all built-in functions safe to execute in parallel mode. In order to have parallel query, we'll need to be able to determine whether that query contains functions (either built-in or user-defined) that cannot be safely executed in parallel mode. This requires those functions to be labeled, so this patch introduces an infrastructure for that. Some functions currently labeled as safe may need to be revised depending on how pending issues related to heavyweight locking under paralllelism are resolved. Parallel plans can't be used except for the case where the query will run to completion. If portal execution were suspended, the parallel mode restrictions would need to remain in effect during that time, but that might make other queries fail. Therefore, this patch introduces a framework that enables consideration of parallel plans only when it is known that the plan will be run to completion. This probably needs some refinement; for example, at bind time, we do not know whether a query run via the extended protocol will be execution to completion or run with a limited fetch count. Having the client indicate its intentions at bind time would constitute a wire protocol break. Some contexts in which parallel mode would be safe are not adjusted by this patch; the default is not to try parallel plans except from call sites that have been updated to say that such plans are OK. This commit doesn't introduce any parallel paths or plans; it just provides a way to determine whether they could potentially be used. I'm committing it on the theory that the remaining parallel sequential scan patches will also get committed to this release, hopefully in the not-too-distant future. Robert Haas and Amit Kapila. Reviewed (in earlier versions) by Noah Misch.
2015-09-16 21:38:47 +02:00
</para>
<para>
Functions should be labeled parallel unsafe if they modify any database
Allow "internal" subtransactions in parallel mode. Allow use of BeginInternalSubTransaction() in parallel mode, so long as the subtransaction doesn't attempt to acquire an XID or increment the command counter. Given those restrictions, the other parallel processes don't need to know about the subtransaction at all, so this should be safe. The benefit is that it allows subtransactions intended for error recovery, such as pl/pgsql exception blocks, to be used in PARALLEL SAFE functions. Another reason for doing this is that the API of BeginInternalSubTransaction() doesn't allow reporting failure. pl/python for one, and perhaps other PLs, copes very poorly with an error longjmp out of BeginInternalSubTransaction(). The headline feature of this patch removes the only easily-triggerable failure case within that function. There remain some resource-exhaustion and similar cases, which we now deal with by promoting them to FATAL errors, so that callers need not try to clean up. (It is likely that such errors would leave us with corrupted transaction state inside xact.c, making recovery difficult if not impossible anyway.) Although this work started because of a report of a pl/python crash, we're not going to do anything about that in the back branches. Back-patching this particular fix is obviously not very wise. While we could contemplate some narrower band-aid, pl/python is already an untrusted language, so it seems okay to classify this as a "so don't do that" case. Patch by me, per report from Hao Zhang. Thanks to Robert Haas for review. Discussion: https://postgr.es/m/CALY6Dr-2yLVeVPhNMhuBnRgOZo1UjoTETgtKBx1B2gUi8yy+3g@mail.gmail.com
2024-03-28 17:43:10 +01:00
state, change the transaction state (other than by using a
subtransaction for error recovery), access sequences (e.g., by
calling <literal>currval</literal>) or make persistent changes to
settings. They should
be labeled parallel restricted if they access temporary tables,
Determine whether it's safe to attempt a parallel plan for a query. Commit 924bcf4f16d54c55310b28f77686608684734f42 introduced a framework for parallel computation in PostgreSQL that makes most but not all built-in functions safe to execute in parallel mode. In order to have parallel query, we'll need to be able to determine whether that query contains functions (either built-in or user-defined) that cannot be safely executed in parallel mode. This requires those functions to be labeled, so this patch introduces an infrastructure for that. Some functions currently labeled as safe may need to be revised depending on how pending issues related to heavyweight locking under paralllelism are resolved. Parallel plans can't be used except for the case where the query will run to completion. If portal execution were suspended, the parallel mode restrictions would need to remain in effect during that time, but that might make other queries fail. Therefore, this patch introduces a framework that enables consideration of parallel plans only when it is known that the plan will be run to completion. This probably needs some refinement; for example, at bind time, we do not know whether a query run via the extended protocol will be execution to completion or run with a limited fetch count. Having the client indicate its intentions at bind time would constitute a wire protocol break. Some contexts in which parallel mode would be safe are not adjusted by this patch; the default is not to try parallel plans except from call sites that have been updated to say that such plans are OK. This commit doesn't introduce any parallel paths or plans; it just provides a way to determine whether they could potentially be used. I'm committing it on the theory that the remaining parallel sequential scan patches will also get committed to this release, hopefully in the not-too-distant future. Robert Haas and Amit Kapila. Reviewed (in earlier versions) by Noah Misch.
2015-09-16 21:38:47 +02:00
client connection state, cursors, prepared statements, or miscellaneous
backend-local state which the system cannot synchronize in parallel mode
doc: add commas after 'i.e.' and 'e.g.' This follows the American format, https://jakubmarian.com/comma-after-i-e-and-e-g/. There is no intention of requiring this format for future text, but making existing text consistent every few years makes sense. Discussion: https://postgr.es/m/20200825183619.GA22369@momjian.us Backpatch-through: 9.5
2020-09-01 00:33:37 +02:00
(e.g., <literal>setseed</literal> cannot be executed other than by the group
Determine whether it's safe to attempt a parallel plan for a query. Commit 924bcf4f16d54c55310b28f77686608684734f42 introduced a framework for parallel computation in PostgreSQL that makes most but not all built-in functions safe to execute in parallel mode. In order to have parallel query, we'll need to be able to determine whether that query contains functions (either built-in or user-defined) that cannot be safely executed in parallel mode. This requires those functions to be labeled, so this patch introduces an infrastructure for that. Some functions currently labeled as safe may need to be revised depending on how pending issues related to heavyweight locking under paralllelism are resolved. Parallel plans can't be used except for the case where the query will run to completion. If portal execution were suspended, the parallel mode restrictions would need to remain in effect during that time, but that might make other queries fail. Therefore, this patch introduces a framework that enables consideration of parallel plans only when it is known that the plan will be run to completion. This probably needs some refinement; for example, at bind time, we do not know whether a query run via the extended protocol will be execution to completion or run with a limited fetch count. Having the client indicate its intentions at bind time would constitute a wire protocol break. Some contexts in which parallel mode would be safe are not adjusted by this patch; the default is not to try parallel plans except from call sites that have been updated to say that such plans are OK. This commit doesn't introduce any parallel paths or plans; it just provides a way to determine whether they could potentially be used. I'm committing it on the theory that the remaining parallel sequential scan patches will also get committed to this release, hopefully in the not-too-distant future. Robert Haas and Amit Kapila. Reviewed (in earlier versions) by Noah Misch.
2015-09-16 21:38:47 +02:00
leader because a change made by another process would not be reflected
in the leader). In general, if a function is labeled as being safe when
it is restricted or unsafe, or if it is labeled as being restricted when
it is in fact unsafe, it may throw errors or produce wrong answers
when used in a parallel query. C-language functions could in theory
exhibit totally undefined behavior if mislabeled, since there is no way
for the system to protect itself against arbitrary C code, but in most
likely cases the result will be no worse than for any other function.
Don't use SGML empty tags For DocBook XML compatibility, don't use SGML empty tags (</>) anymore, replace by the full tag name. Add a warning option to catch future occurrences. Alexander Lakhin, Jürgen Purtz
2017-10-09 03:44:17 +02:00
If in doubt, functions should be labeled as <literal>UNSAFE</literal>, which is
Determine whether it's safe to attempt a parallel plan for a query. Commit 924bcf4f16d54c55310b28f77686608684734f42 introduced a framework for parallel computation in PostgreSQL that makes most but not all built-in functions safe to execute in parallel mode. In order to have parallel query, we'll need to be able to determine whether that query contains functions (either built-in or user-defined) that cannot be safely executed in parallel mode. This requires those functions to be labeled, so this patch introduces an infrastructure for that. Some functions currently labeled as safe may need to be revised depending on how pending issues related to heavyweight locking under paralllelism are resolved. Parallel plans can't be used except for the case where the query will run to completion. If portal execution were suspended, the parallel mode restrictions would need to remain in effect during that time, but that might make other queries fail. Therefore, this patch introduces a framework that enables consideration of parallel plans only when it is known that the plan will be run to completion. This probably needs some refinement; for example, at bind time, we do not know whether a query run via the extended protocol will be execution to completion or run with a limited fetch count. Having the client indicate its intentions at bind time would constitute a wire protocol break. Some contexts in which parallel mode would be safe are not adjusted by this patch; the default is not to try parallel plans except from call sites that have been updated to say that such plans are OK. This commit doesn't introduce any parallel paths or plans; it just provides a way to determine whether they could potentially be used. I'm committing it on the theory that the remaining parallel sequential scan patches will also get committed to this release, hopefully in the not-too-distant future. Robert Haas and Amit Kapila. Reviewed (in earlier versions) by Noah Misch.
2015-09-16 21:38:47 +02:00
the default.
</para>
</listitem>
</varlistentry>
Add COST and ROWS options to CREATE/ALTER FUNCTION, plus underlying pg_proc columns procost and prorows, to allow simple user adjustment of the estimated cost of a function call, as well as control of the estimated number of rows returned by a set-returning function. We might eventually wish to extend this to allow function-specific estimation routines, but there seems to be consensus that we should try a simple constant estimate first. In particular this provides a relatively simple way to control the order in which different WHERE clauses are applied in a plan node, which is a Good Thing in view of the fact that the recent EquivalenceClass planner rewrite made that much less predictable than before.
2007-01-22 02:35:23 +01:00
<varlistentry>
SQL procedures This adds a new object type "procedure" that is similar to a function but does not have a return type and is invoked by the new CALL statement instead of SELECT or similar. This implementation is aligned with the SQL standard and compatible with or similar to other SQL implementations. This commit adds new commands CALL, CREATE/ALTER/DROP PROCEDURE, as well as ALTER/DROP ROUTINE that can refer to either a function or a procedure (or an aggregate function, as an extension to SQL). There is also support for procedures in various utility commands such as COMMENT and GRANT, as well as support in pg_dump and psql. Support for defining procedures is available in all the languages supplied by the core distribution. While this commit is mainly syntax sugar around existing functionality, future features will rely on having procedures as a separate object type. Reviewed-by: Andrew Dunstan <andrew.dunstan@2ndquadrant.com>
2017-11-30 14:46:13 +01:00
<term><literal>COST</literal> <replaceable class="parameter">execution_cost</replaceable></term>
Add COST and ROWS options to CREATE/ALTER FUNCTION, plus underlying pg_proc columns procost and prorows, to allow simple user adjustment of the estimated cost of a function call, as well as control of the estimated number of rows returned by a set-returning function. We might eventually wish to extend this to allow function-specific estimation routines, but there seems to be consensus that we should try a simple constant estimate first. In particular this provides a relatively simple way to control the order in which different WHERE clauses are applied in a plan node, which is a Good Thing in view of the fact that the recent EquivalenceClass planner rewrite made that much less predictable than before.
2007-01-22 02:35:23 +01:00
<listitem>
<para>
A positive number giving the estimated execution cost for the function,
Convert documentation to DocBook XML Since some preparation work had already been done, the only source changes left were changing empty-element tags like <xref linkend="foo"> to <xref linkend="foo"/>, and changing the DOCTYPE. The source files are still named *.sgml, but they are actually XML files now. Renaming could be considered later. In the build system, the intermediate step to convert from SGML to XML is removed. Everything is build straight from the source files again. The OpenSP (or the old SP) package is no longer needed. The documentation toolchain instructions are updated and are much simpler now. Peter Eisentraut, Alexander Lakhin, Jürgen Purtz
2017-11-23 15:39:47 +01:00
in units of <xref linkend="guc-cpu-operator-cost"/>. If the function
Add COST and ROWS options to CREATE/ALTER FUNCTION, plus underlying pg_proc columns procost and prorows, to allow simple user adjustment of the estimated cost of a function call, as well as control of the estimated number of rows returned by a set-returning function. We might eventually wish to extend this to allow function-specific estimation routines, but there seems to be consensus that we should try a simple constant estimate first. In particular this provides a relatively simple way to control the order in which different WHERE clauses are applied in a plan node, which is a Good Thing in view of the fact that the recent EquivalenceClass planner rewrite made that much less predictable than before.
2007-01-22 02:35:23 +01:00
returns a set, this is the cost per returned row. If the cost is
not specified, 1 unit is assumed for C-language and internal functions,
and 100 units for functions in all other languages. Larger values
cause the planner to try to avoid evaluating the function more often
than necessary.
</para>
</listitem>
</varlistentry>
<varlistentry>
SQL procedures This adds a new object type "procedure" that is similar to a function but does not have a return type and is invoked by the new CALL statement instead of SELECT or similar. This implementation is aligned with the SQL standard and compatible with or similar to other SQL implementations. This commit adds new commands CALL, CREATE/ALTER/DROP PROCEDURE, as well as ALTER/DROP ROUTINE that can refer to either a function or a procedure (or an aggregate function, as an extension to SQL). There is also support for procedures in various utility commands such as COMMENT and GRANT, as well as support in pg_dump and psql. Support for defining procedures is available in all the languages supplied by the core distribution. While this commit is mainly syntax sugar around existing functionality, future features will rely on having procedures as a separate object type. Reviewed-by: Andrew Dunstan <andrew.dunstan@2ndquadrant.com>
2017-11-30 14:46:13 +01:00
<term><literal>ROWS</literal> <replaceable class="parameter">result_rows</replaceable></term>
Add COST and ROWS options to CREATE/ALTER FUNCTION, plus underlying pg_proc columns procost and prorows, to allow simple user adjustment of the estimated cost of a function call, as well as control of the estimated number of rows returned by a set-returning function. We might eventually wish to extend this to allow function-specific estimation routines, but there seems to be consensus that we should try a simple constant estimate first. In particular this provides a relatively simple way to control the order in which different WHERE clauses are applied in a plan node, which is a Good Thing in view of the fact that the recent EquivalenceClass planner rewrite made that much less predictable than before.
2007-01-22 02:35:23 +01:00
<listitem>
<para>
A positive number giving the estimated number of rows that the planner
should expect the function to return. This is only allowed when the
function is declared to return a set. The default assumption is
1000 rows.
</para>
</listitem>
</varlistentry>
Create the infrastructure for planner support functions. Rename/repurpose pg_proc.protransform as "prosupport". The idea is still that it names an internal function that provides knowledge to the planner about the behavior of the function it's attached to; but redesign the API specification so that it's not limited to doing just one thing, but can support an extensible set of requests. The original purpose of simplifying a function call is handled by the first request type to be invented, SupportRequestSimplify. Adjust all the existing transform functions to handle this API, and rename them fron "xxx_transform" to "xxx_support" to reflect the potential generalization of what they do. (Since we never previously provided any way for extensions to add transform functions, this change doesn't create an API break for them.) Also add DDL and pg_dump support for attaching a support function to a user-defined function. Unfortunately, DDL access has to be restricted to superusers, at least for now; but seeing that support functions will pretty much have to be written in C, that limitation is just theoretical. (This support is untested in this patch, but a follow-on patch will add cases that exercise it.) Discussion: https://postgr.es/m/15193.1548028093@sss.pgh.pa.us
2019-02-10 00:08:48 +01:00
<varlistentry>
<term><literal>SUPPORT</literal> <replaceable class="parameter">support_function</replaceable></term>
<listitem>
<para>
The name (optionally schema-qualified) of a <firstterm>planner support
function</firstterm> to use for this function. See
<xref linkend="xfunc-optimization"/> for details.
You must be superuser to use this option.
</para>
</listitem>
</varlistentry>
Implement function-local GUC parameter settings, as per recent discussion. There are still some loose ends: I didn't do anything about the SET FROM CURRENT idea yet, and it's not real clear whether we are happy with the interaction of SET LOCAL with function-local settings. The documentation is a bit spartan, too.
2007-09-03 02:39:26 +02:00
<varlistentry>
Support SET FROM CURRENT in CREATE/ALTER FUNCTION, ALTER DATABASE, ALTER ROLE. (Actually, it works as a plain statement too, but I didn't document that because it seems a bit useless.) Unify VariableResetStmt with VariableSetStmt, and clean up some ancient cruft in the representation of same.
2007-09-03 20:46:30 +02:00
<term><replaceable>configuration_parameter</replaceable></term>
Implement function-local GUC parameter settings, as per recent discussion. There are still some loose ends: I didn't do anything about the SET FROM CURRENT idea yet, and it's not real clear whether we are happy with the interaction of SET LOCAL with function-local settings. The documentation is a bit spartan, too.
2007-09-03 02:39:26 +02:00
<term><replaceable>value</replaceable></term>
<listitem>
<para>
Don't use SGML empty tags For DocBook XML compatibility, don't use SGML empty tags (</>) anymore, replace by the full tag name. Add a warning option to catch future occurrences. Alexander Lakhin, Jürgen Purtz
2017-10-09 03:44:17 +02:00
The <literal>SET</literal> clause causes the specified configuration
Implement function-local GUC parameter settings, as per recent discussion. There are still some loose ends: I didn't do anything about the SET FROM CURRENT idea yet, and it's not real clear whether we are happy with the interaction of SET LOCAL with function-local settings. The documentation is a bit spartan, too.
2007-09-03 02:39:26 +02:00
parameter to be set to the specified value when the function is
entered, and then restored to its prior value when the function exits.
Don't use SGML empty tags For DocBook XML compatibility, don't use SGML empty tags (</>) anymore, replace by the full tag name. Add a warning option to catch future occurrences. Alexander Lakhin, Jürgen Purtz
2017-10-09 03:44:17 +02:00
<literal>SET FROM CURRENT</literal> saves the value of the parameter that
is current when <command>CREATE FUNCTION</command> is executed as the value
Doc: clarify description of CREATE/ALTER FUNCTION ... SET FROM CURRENT. Per discussion with David Johnston.
2016-08-09 19:39:24 +02:00
to be applied when the function is entered.
Implement function-local GUC parameter settings, as per recent discussion. There are still some loose ends: I didn't do anything about the SET FROM CURRENT idea yet, and it's not real clear whether we are happy with the interaction of SET LOCAL with function-local settings. The documentation is a bit spartan, too.
2007-09-03 02:39:26 +02:00
</para>
Restructure CREATE FUNCTION "NOTES" section to be shorter; move items into proper sections, per suggestion from Tom.
2010-03-03 04:14:08 +01:00
<para>
Don't use SGML empty tags For DocBook XML compatibility, don't use SGML empty tags (</>) anymore, replace by the full tag name. Add a warning option to catch future occurrences. Alexander Lakhin, Jürgen Purtz
2017-10-09 03:44:17 +02:00
If a <literal>SET</literal> clause is attached to a function, then
the effects of a <command>SET LOCAL</command> command executed inside the
Restructure CREATE FUNCTION "NOTES" section to be shorter; move items into proper sections, per suggestion from Tom.
2010-03-03 04:14:08 +01:00
function for the same variable are restricted to the function: the
configuration parameter's prior value is still restored at function exit.
However, an ordinary
Don't use SGML empty tags For DocBook XML compatibility, don't use SGML empty tags (</>) anymore, replace by the full tag name. Add a warning option to catch future occurrences. Alexander Lakhin, Jürgen Purtz
2017-10-09 03:44:17 +02:00
<command>SET</command> command (without <literal>LOCAL</literal>) overrides the
<literal>SET</literal> clause, much as it would do for a previous <command>SET
LOCAL</command> command: the effects of such a command will persist after
Restructure CREATE FUNCTION "NOTES" section to be shorter; move items into proper sections, per suggestion from Tom.
2010-03-03 04:14:08 +01:00
function exit, unless the current transaction is rolled back.
</para>
Remove useless whitespace at end of lines
2010-11-23 21:27:50 +01:00
Implement function-local GUC parameter settings, as per recent discussion. There are still some loose ends: I didn't do anything about the SET FROM CURRENT idea yet, and it's not real clear whether we are happy with the interaction of SET LOCAL with function-local settings. The documentation is a bit spartan, too.
2007-09-03 02:39:26 +02:00
<para>
Convert documentation to DocBook XML Since some preparation work had already been done, the only source changes left were changing empty-element tags like <xref linkend="foo"> to <xref linkend="foo"/>, and changing the DOCTYPE. The source files are still named *.sgml, but they are actually XML files now. Renaming could be considered later. In the build system, the intermediate step to convert from SGML to XML is removed. Everything is build straight from the source files again. The OpenSP (or the old SP) package is no longer needed. The documentation toolchain instructions are updated and are much simpler now. Peter Eisentraut, Alexander Lakhin, Jürgen Purtz
2017-11-23 15:39:47 +01:00
See <xref linkend="sql-set"/> and
<xref linkend="runtime-config"/>
Implement function-local GUC parameter settings, as per recent discussion. There are still some loose ends: I didn't do anything about the SET FROM CURRENT idea yet, and it's not real clear whether we are happy with the interaction of SET LOCAL with function-local settings. The documentation is a bit spartan, too.
2007-09-03 02:39:26 +02:00
for more information about allowed parameter names and values.
</para>
</listitem>
</varlistentry>
Allow special '$libdir' macro to show up in object file path in CREATE FUNCTION command. Guard against trying to load a directory. Update documentation some.
2001-05-19 11:01:10 +02:00
<varlistentry>
<term><replaceable class="parameter">definition</replaceable></term>
<listitem>
<para>
Some editorializing on the docs for the dollar-quoting feature: fix grammar, don't drop discussions into the middle of unrelated discussions, etc.
2004-09-21 00:48:29 +02:00
A string constant defining the function; the meaning depends on the
Update reference documentation on may/can/might: Standard English uses "may", "can", and "might" in different ways: may - permission, "You may borrow my rake." can - ability, "I can lift that log." might - possibility, "It might rain today." Unfortunately, in conversational English, their use is often mixed, as in, "You may use this variable to do X", when in fact, "can" is a better choice. Similarly, "It may crash" is better stated, "It might crash".
2007-02-01 00:26:05 +01:00
language. It can be an internal function name, the path to an
Some editorializing on the docs for the dollar-quoting feature: fix grammar, don't drop discussions into the middle of unrelated discussions, etc.
2004-09-21 00:48:29 +02:00
object file, an SQL command, or text in a procedural language.
Allow special '$libdir' macro to show up in object file path in CREATE FUNCTION command. Guard against trying to load a directory. Update documentation some.
2001-05-19 11:01:10 +02:00
</para>
Restructure CREATE FUNCTION "NOTES" section to be shorter; move items into proper sections, per suggestion from Tom.
2010-03-03 04:14:08 +01:00
<para>
It is often helpful to use dollar quoting (see <xref
Convert documentation to DocBook XML Since some preparation work had already been done, the only source changes left were changing empty-element tags like <xref linkend="foo"> to <xref linkend="foo"/>, and changing the DOCTYPE. The source files are still named *.sgml, but they are actually XML files now. Renaming could be considered later. In the build system, the intermediate step to convert from SGML to XML is removed. Everything is build straight from the source files again. The OpenSP (or the old SP) package is no longer needed. The documentation toolchain instructions are updated and are much simpler now. Peter Eisentraut, Alexander Lakhin, Jürgen Purtz
2017-11-23 15:39:47 +01:00
linkend="sql-syntax-dollar-quoting"/>) to write the function definition
Restructure CREATE FUNCTION "NOTES" section to be shorter; move items into proper sections, per suggestion from Tom.
2010-03-03 04:14:08 +01:00
string, rather than the normal single quote syntax. Without dollar
quoting, any single quotes or backslashes in the function definition must
be escaped by doubling them.
</para>
Allow special '$libdir' macro to show up in object file path in CREATE FUNCTION command. Guard against trying to load a directory. Update documentation some.
2001-05-19 11:01:10 +02:00
</listitem>
</varlistentry>
<varlistentry>
More editing of reference pages.
2003-04-22 12:08:08 +02:00
<term><literal><replaceable class="parameter">obj_file</replaceable>, <replaceable class="parameter">link_symbol</replaceable></literal></term>
Allow special '$libdir' macro to show up in object file path in CREATE FUNCTION command. Guard against trying to load a directory. Update documentation some.
2001-05-19 11:01:10 +02:00
<listitem>
<para>
This form of the <literal>AS</literal> clause is used for
More editing of reference pages.
2003-04-22 12:08:08 +02:00
dynamically loadable C language functions when the function name
Allow special '$libdir' macro to show up in object file path in CREATE FUNCTION command. Guard against trying to load a directory. Update documentation some.
2001-05-19 11:01:10 +02:00
in the C language source code is not the same as the name of
the SQL function. The string <replaceable
Upgrade documentation connected with shared_preload_libraries et al. Noplace in the documentation actually defined what these variables contain. Define them as lists of arguments for LOAD, and improve that command's documentation a bit. Discussion: https://postgr.es/m/CAB-oJtxHVDc3H+Km3CjB9mY1VDzuyaVH_ZYSz7iXcRqCtb93Ew@mail.gmail.com
2017-06-20 19:39:57 +02:00
class="parameter">obj_file</replaceable> is the name of the shared
library file containing the compiled C function, and is interpreted
Improve <xref> vs. <command> formatting in the documentation SQL commands are generally marked up as <command>, except when a link to a reference page is used using <xref>. But the latter doesn't create monospace markup, so this looks strange especially when a paragraph contains a mix of links and non-links. We considered putting <command> in the <refentrytitle> on the target side, but that creates some formatting side effects elsewhere. Generally, it seems safer to solve this on the link source side. We can't put the <xref> inside the <command>; the DTD doesn't allow this. DocBook 5 would allow the <command> to have the linkend attribute itself, but we are not there yet. So to solve this for now, convert the <xref>s to <link> plus <command>. This gives the correct look and also gives some more flexibility what we can put into the link text (e.g., subcommands or other clauses). In the future, these could then be converted to DocBook 5 style. I haven't converted absolutely all xrefs to SQL command reference pages, only those where we care about the appearance of the link text or where it was otherwise appropriate to make the appearance match a bit better. Also in some cases, the links where repetitive, so in those cases the links where just removed and replaced by a plain <command>. In cases where we just want the link and don't specifically care about the generated link text (typically phrased "for further information see <xref ...>") the xref is kept. Reported-by: Dagfinn Ilmari Mannsåker <ilmari@ilmari.org> Discussion: https://www.postgresql.org/message-id/flat/87o8pco34z.fsf@wibble.ilmari.org
2020-10-03 16:16:51 +02:00
as for the <link linkend="sql-load"><command>LOAD</command></link> command. The string
Allow special '$libdir' macro to show up in object file path in CREATE FUNCTION command. Guard against trying to load a directory. Update documentation some.
2001-05-19 11:01:10 +02:00
<replaceable class="parameter">link_symbol</replaceable> is the
More editing of reference pages.
2003-04-22 12:08:08 +02:00
function's link symbol, that is, the name of the function in the C
Document security implications of qualified names. Commit 5770172cb0c9df9e6ce27c507b449557e5b45124 documented secure schema usage, and that advice suffices for using unqualified names securely. Document, in typeconv-func primarily, the additional issues that arise with qualified names. Back-patch to 9.3 (all supported versions). Reviewed by Jonathan S. Katz. Discussion: https://postgr.es/m/20180721012446.GA1840594@rfd.leadboat.com
2018-07-29 05:08:01 +02:00
language source code. If the link symbol is omitted, it is assumed to
be the same as the name of the SQL function being defined. The C names
of all functions must be different, so you must give overloaded C
functions different C names (for example, use the argument types as
part of the C names).
Allow special '$libdir' macro to show up in object file path in CREATE FUNCTION command. Guard against trying to load a directory. Update documentation some.
2001-05-19 11:01:10 +02:00
</para>
Restructure CREATE FUNCTION "NOTES" section to be shorter; move items into proper sections, per suggestion from Tom.
2010-03-03 04:14:08 +01:00
<para>
When repeated <command>CREATE FUNCTION</command> calls refer to
the same object file, the file is only loaded once per session.
To unload and
reload the file (perhaps during development), start a new session.
</para>
Allow special '$libdir' macro to show up in object file path in CREATE FUNCTION command. Guard against trying to load a directory. Update documentation some.
2001-05-19 11:01:10 +02:00
</listitem>
</varlistentry>
SQL-standard function body This adds support for writing CREATE FUNCTION and CREATE PROCEDURE statements for language SQL with a function body that conforms to the SQL standard and is portable to other implementations. Instead of the PostgreSQL-specific AS $$ string literal $$ syntax, this allows writing out the SQL statements making up the body unquoted, either as a single statement: CREATE FUNCTION add(a integer, b integer) RETURNS integer LANGUAGE SQL RETURN a + b; or as a block CREATE PROCEDURE insert_data(a integer, b integer) LANGUAGE SQL BEGIN ATOMIC INSERT INTO tbl VALUES (a); INSERT INTO tbl VALUES (b); END; The function body is parsed at function definition time and stored as expression nodes in a new pg_proc column prosqlbody. So at run time, no further parsing is required. However, this form does not support polymorphic arguments, because there is no more parse analysis done at call time. Dependencies between the function and the objects it uses are fully tracked. A new RETURN statement is introduced. This can only be used inside function bodies. Internally, it is treated much like a SELECT statement. psql needs some new intelligence to keep track of function body boundaries so that it doesn't send off statements when it sees semicolons that are inside a function body. Tested-by: Jaime Casanova <jcasanov@systemguards.com.ec> Reviewed-by: Julien Rouhaud <rjuju123@gmail.com> Discussion: https://www.postgresql.org/message-id/flat/1c11f1eb-f00c-43b7-799d-2d44132c02d7@2ndquadrant.com
2021-04-07 21:30:08 +02:00
<varlistentry>
<term><replaceable class="parameter">sql_body</replaceable></term>
<listitem>
<para>
The body of a <literal>LANGUAGE SQL</literal> function. This can
either be a single statement
<programlisting>
RETURN <replaceable>expression</replaceable>
</programlisting>
or a block
<programlisting>
BEGIN ATOMIC
<replaceable>statement</replaceable>;
<replaceable>statement</replaceable>;
...
<replaceable>statement</replaceable>;
END
</programlisting>
</para>
<para>
This is similar to writing the text of the function body as a string
constant (see <replaceable>definition</replaceable> above), but there
are some differences: This form only works for <literal>LANGUAGE
SQL</literal>, the string constant form works for all languages. This
form is parsed at function definition time, the string constant form is
parsed at execution time; therefore this form cannot support
polymorphic argument types and other constructs that are not resolvable
at function definition time. This form tracks dependencies between the
function and objects used in the function body, so <literal>DROP
... CASCADE</literal> will work correctly, whereas the form using
string literals may leave dangling functions. Finally, this form is
more compatible with the SQL standard and other SQL implementations.
</para>
</listitem>
</varlistentry>
Allow special '$libdir' macro to show up in object file path in CREATE FUNCTION command. Guard against trying to load a directory. Update documentation some.
2001-05-19 11:01:10 +02:00
</variablelist>
Fix SGML markup.
2010-03-03 04:23:12 +01:00
</refsect1>
Complete merge of all old man page information. ecpg reference page still needs formatting.
1999-07-22 17:09:15 +02:00
Restructure CREATE FUNCTION "NOTES" section to be shorter; move items into proper sections, per suggestion from Tom.
2010-03-03 04:14:08 +01:00
<refsect1 id="sql-createfunction-overloading">
<title>Overloading</title>
Update CREATE FUNCTION docs: mention use of AS clause with INTERNAL functions, add a warning about trying to overload function names for dynamically loaded C functions (from old man page).
1999-05-20 04:57:15 +02:00
Complete merge of all old man page information. ecpg reference page still needs formatting.
1999-07-22 17:09:15 +02:00
<para>
More editing of reference pages.
2003-04-22 12:08:08 +02:00
<productname>PostgreSQL</productname> allows function
<firstterm>overloading</firstterm>; that is, the same name can be
used for several different functions so long as they have distinct
Document security implications of qualified names. Commit 5770172cb0c9df9e6ce27c507b449557e5b45124 documented secure schema usage, and that advice suffices for using unqualified names securely. Document, in typeconv-func primarily, the additional issues that arise with qualified names. Back-patch to 9.3 (all supported versions). Reviewed by Jonathan S. Katz. Discussion: https://postgr.es/m/20180721012446.GA1840594@rfd.leadboat.com
2018-07-29 05:08:01 +02:00
input argument types. Whether or not you use it, this capability entails
security precautions when calling functions in databases where some users
mistrust other users; see <xref linkend="typeconv-func"/>.
Complete merge of all old man page information. ecpg reference page still needs formatting.
1999-07-22 17:09:15 +02:00
</para>
First phase of OUT-parameters project. We can now define and use SQL functions with OUT parameters. The various PLs still need work, as does pg_dump. Rudimentary docs and regression tests included.
2005-04-01 00:46:33 +02:00
<para>
Two functions are considered the same if they have the same names and
Don't use SGML empty tags For DocBook XML compatibility, don't use SGML empty tags (</>) anymore, replace by the full tag name. Add a warning option to catch future occurrences. Alexander Lakhin, Jürgen Purtz
2017-10-09 03:44:17 +02:00
<emphasis>input</emphasis> argument types, ignoring any <literal>OUT</literal>
First phase of OUT-parameters project. We can now define and use SQL functions with OUT parameters. The various PLs still need work, as does pg_dump. Rudimentary docs and regression tests included.
2005-04-01 00:46:33 +02:00
parameters. Thus for example these declarations conflict:
<programlisting>
CREATE FUNCTION foo(int) ...
CREATE FUNCTION foo(int, out text) ...
</programlisting>
</para>
Code review for function default parameters patch. Fix numerous problems as per recent discussions. In passing this also fixes a couple of bugs in the previous variadic-parameters patch.
2008-12-18 19:20:35 +01:00
<para>
Functions that have different argument type lists will not be considered
to conflict at creation time, but if defaults are provided they might
conflict in use. For example, consider
<programlisting>
CREATE FUNCTION foo(int) ...
CREATE FUNCTION foo(int, int default 42) ...
</programlisting>
Don't use SGML empty tags For DocBook XML compatibility, don't use SGML empty tags (</>) anymore, replace by the full tag name. Add a warning option to catch future occurrences. Alexander Lakhin, Jürgen Purtz
2017-10-09 03:44:17 +02:00
A call <literal>foo(10)</literal> will fail due to the ambiguity about which
Code review for function default parameters patch. Fix numerous problems as per recent discussions. In passing this also fixes a couple of bugs in the previous variadic-parameters patch.
2008-12-18 19:20:35 +01:00
function should be called.
</para>
Restructure CREATE FUNCTION "NOTES" section to be shorter; move items into proper sections, per suggestion from Tom.
2010-03-03 04:14:08 +01:00
</refsect1>
Implement function-local GUC parameter settings, as per recent discussion. There are still some loose ends: I didn't do anything about the SET FROM CURRENT idea yet, and it's not real clear whether we are happy with the interaction of SET LOCAL with function-local settings. The documentation is a bit spartan, too.
2007-09-03 02:39:26 +02:00
Restructure CREATE FUNCTION "NOTES" section to be shorter; move items into proper sections, per suggestion from Tom.
2010-03-03 04:14:08 +01:00
<refsect1 id="sql-createfunction-notes">
<title>Notes</title>
Add mention of quotes on function body to NOTES section. Oliver Elphick
2003-10-26 05:34:05 +01:00
Fix erroneous handling of shared dependencies (ie dependencies on roles) in CREATE OR REPLACE FUNCTION. The original code would update pg_shdepend as if a new function was being created, even if it wasn't, with two bad consequences: pg_shdepend might record the wrong owner for the function, and any dependencies for roles mentioned in the function's ACL would be lost. The fix is very easy: just don't touch pg_shdepend at all when doing a function replacement. Also update the CREATE FUNCTION reference page, which never explained exactly what changes and doesn't change in a function replacement. In passing, fix the CREATE VIEW reference page similarly; there's no code bug there, but the docs didn't say what happens.
2009-10-02 20:13:04 +02:00
<para>
Restructure CREATE FUNCTION "NOTES" section to be shorter; move items into proper sections, per suggestion from Tom.
2010-03-03 04:14:08 +01:00
The full <acronym>SQL</acronym> type syntax is allowed for
Clarify CREATE FUNCTION documentation about handling of typmods. The previous text was a bit misleading, as well as unnecessarily vague about what information would be discarded. Per gripe from Craig Skinner.
2013-11-13 19:26:33 +01:00
declaring a function's arguments and return value. However,
parenthesized type modifiers (e.g., the precision field for
Don't use SGML empty tags For DocBook XML compatibility, don't use SGML empty tags (</>) anymore, replace by the full tag name. Add a warning option to catch future occurrences. Alexander Lakhin, Jürgen Purtz
2017-10-09 03:44:17 +02:00
type <type>numeric</type>) are discarded by <command>CREATE FUNCTION</command>.
Clarify CREATE FUNCTION documentation about handling of typmods. The previous text was a bit misleading, as well as unnecessarily vague about what information would be discarded. Per gripe from Craig Skinner.
2013-11-13 19:26:33 +01:00
Thus for example
Don't use SGML empty tags For DocBook XML compatibility, don't use SGML empty tags (</>) anymore, replace by the full tag name. Add a warning option to catch future occurrences. Alexander Lakhin, Jürgen Purtz
2017-10-09 03:44:17 +02:00
<literal>CREATE FUNCTION foo (varchar(10)) ...</literal>
Clarify CREATE FUNCTION documentation about handling of typmods. The previous text was a bit misleading, as well as unnecessarily vague about what information would be discarded. Per gripe from Craig Skinner.
2013-11-13 19:26:33 +01:00
is exactly the same as
Don't use SGML empty tags For DocBook XML compatibility, don't use SGML empty tags (</>) anymore, replace by the full tag name. Add a warning option to catch future occurrences. Alexander Lakhin, Jürgen Purtz
2017-10-09 03:44:17 +02:00
<literal>CREATE FUNCTION foo (varchar) ...</literal>.
Fix erroneous handling of shared dependencies (ie dependencies on roles) in CREATE OR REPLACE FUNCTION. The original code would update pg_shdepend as if a new function was being created, even if it wasn't, with two bad consequences: pg_shdepend might record the wrong owner for the function, and any dependencies for roles mentioned in the function's ACL would be lost. The fix is very easy: just don't touch pg_shdepend at all when doing a function replacement. Also update the CREATE FUNCTION reference page, which never explained exactly what changes and doesn't change in a function replacement. In passing, fix the CREATE VIEW reference page similarly; there's no code bug there, but the docs didn't say what happens.
2009-10-02 20:13:04 +02:00
</para>
Support use of function argument names to identify which actual arguments match which function parameters. The syntax uses AS, for example funcname(value AS arg1, anothervalue AS arg2) Pavel Stehule
2009-10-08 04:39:25 +02:00
<para>
When replacing an existing function with <command>CREATE OR REPLACE
Don't use SGML empty tags For DocBook XML compatibility, don't use SGML empty tags (</>) anymore, replace by the full tag name. Add a warning option to catch future occurrences. Alexander Lakhin, Jürgen Purtz
2017-10-09 03:44:17 +02:00
FUNCTION</command>, there are restrictions on changing parameter names.
Support use of function argument names to identify which actual arguments match which function parameters. The syntax uses AS, for example funcname(value AS arg1, anothervalue AS arg2) Pavel Stehule
2009-10-08 04:39:25 +02:00
You cannot change the name already assigned to any input parameter
(although you can add names to parameters that had none before).
If there is more than one output parameter, you cannot change the
names of the output parameters, because that would change the
column names of the anonymous composite type that describes the
function's result. These restrictions are made to ensure that
existing calls of the function do not stop working when it is replaced.
</para>
Document the behavior of STRICT VARIADIC functions.
2010-02-14 01:48:12 +01:00
<para>
Don't use SGML empty tags For DocBook XML compatibility, don't use SGML empty tags (</>) anymore, replace by the full tag name. Add a warning option to catch future occurrences. Alexander Lakhin, Jürgen Purtz
2017-10-09 03:44:17 +02:00
If a function is declared <literal>STRICT</literal> with a <literal>VARIADIC</literal>
Document the behavior of STRICT VARIADIC functions.
2010-02-14 01:48:12 +01:00
argument, the strictness check tests that the variadic array <emphasis>as
Don't use SGML empty tags For DocBook XML compatibility, don't use SGML empty tags (</>) anymore, replace by the full tag name. Add a warning option to catch future occurrences. Alexander Lakhin, Jürgen Purtz
2017-10-09 03:44:17 +02:00
a whole</emphasis> is non-null. The function will still be called if the
Ooops, let's get the non-null vs null bit right ...
2010-02-14 02:01:35 +01:00
array has null elements.
Document the behavior of STRICT VARIADIC functions.
2010-02-14 01:48:12 +01:00
</para>
Clean up to ensure tag completion as required by the newest versions of Norm's Modular Style Sheets and jade/docbook. From Vince Vielhaber <vev@michvhf.com>.
1998-12-29 03:24:47 +01:00
</refsect1>
Allow special '$libdir' macro to show up in object file path in CREATE FUNCTION command. Guard against trying to load a directory. Update documentation some.
2001-05-19 11:01:10 +02:00
<refsect1 id="sql-createfunction-examples">
<title>Examples</title>
Minor updates for release. Split reference pages for CREATE TABLE AS and SELECT INTO to allow psgml (the emacs parser) to handle parsing.
1999-06-14 09:37:05 +02:00
<para>
Use the correct article for abbreviations We've accumulated quite a mix of instances of "an SQL" and "a SQL" in the documents. It would be good to be a bit more consistent with these. The most recent version of the SQL standard I looked at seems to prefer "an SQL". That seems like a good lead to follow, so here we change all instances of "a SQL" to become "an SQL". Most instances correctly use "an SQL" already, so it also makes sense to use the dominant variation in order to minimise churn. Additionally, there were some other abbreviations that needed to be adjusted. FSM, SSPI, SRF and a few others. Also fix some pronounceable, abbreviations to use "a" instead of "an". For example, "a SASL" instead of "an SASL". Here I've only adjusted the documents and error messages. Many others still exist in source code comments. Translator hint comments seem to be the biggest culprit. It currently does not seem worth the churn to change these. Discussion: https://postgr.es/m/CAApHDvpML27UqFXnrYO1MJddsKVMQoiZisPvsAGhKE_tsKXquw%40mail.gmail.com
2021-06-11 03:38:04 +02:00
Add two integers using an SQL function:
Allow special '$libdir' macro to show up in object file path in CREATE FUNCTION command. Guard against trying to load a directory. Update documentation some.
2001-05-19 11:01:10 +02:00
<programlisting>
More editing of reference pages.
2003-04-22 12:08:08 +02:00
CREATE FUNCTION add(integer, integer) RETURNS integer
More minor updates and copy-editing.
2005-01-04 01:39:53 +01:00
AS 'select $1 + $2;'
More editing of reference pages.
2003-04-22 12:08:08 +02:00
LANGUAGE SQL
IMMUTABLE
RETURNS NULL ON NULL INPUT;
SQL-standard function body This adds support for writing CREATE FUNCTION and CREATE PROCEDURE statements for language SQL with a function body that conforms to the SQL standard and is portable to other implementations. Instead of the PostgreSQL-specific AS $$ string literal $$ syntax, this allows writing out the SQL statements making up the body unquoted, either as a single statement: CREATE FUNCTION add(a integer, b integer) RETURNS integer LANGUAGE SQL RETURN a + b; or as a block CREATE PROCEDURE insert_data(a integer, b integer) LANGUAGE SQL BEGIN ATOMIC INSERT INTO tbl VALUES (a); INSERT INTO tbl VALUES (b); END; The function body is parsed at function definition time and stored as expression nodes in a new pg_proc column prosqlbody. So at run time, no further parsing is required. However, this form does not support polymorphic arguments, because there is no more parse analysis done at call time. Dependencies between the function and the objects it uses are fully tracked. A new RETURN statement is introduced. This can only be used inside function bodies. Internally, it is treated much like a SELECT statement. psql needs some new intelligence to keep track of function body boundaries so that it doesn't send off statements when it sees semicolons that are inside a function body. Tested-by: Jaime Casanova <jcasanov@systemguards.com.ec> Reviewed-by: Julien Rouhaud <rjuju123@gmail.com> Discussion: https://www.postgresql.org/message-id/flat/1c11f1eb-f00c-43b7-799d-2d44132c02d7@2ndquadrant.com
2021-04-07 21:30:08 +02:00
</programlisting>
The same function written in a more SQL-conforming style, using argument
names and an unquoted body:
<programlisting>
CREATE FUNCTION add(a integer, b integer) RETURNS integer
LANGUAGE SQL
IMMUTABLE
RETURNS NULL ON NULL INPUT
RETURN a + b;
Example for create function using argument names Gavin Sherry
2004-07-12 01:23:43 +02:00
</programlisting>
</para>
<para>
Remove more traces of libpgtcl from the source tree. Also, make some semi-related SGML cleanup. Original patch from ljb220@mindspring.com, additional cleanup by Neil Conway.
2004-10-01 04:00:44 +02:00
Increment an integer, making use of an argument name, in
<application>PL/pgSQL</application>:
Example for create function using argument names Gavin Sherry
2004-07-12 01:23:43 +02:00
<programlisting>
More minor updates and copy-editing.
2005-01-04 01:39:53 +01:00
CREATE OR REPLACE FUNCTION increment(i integer) RETURNS integer AS $$
Some editorializing on the docs for the dollar-quoting feature: fix grammar, don't drop discussions into the middle of unrelated discussions, etc.
2004-09-21 00:48:29 +02:00
BEGIN
RETURN i + 1;
More minor updates and copy-editing.
2005-01-04 01:39:53 +01:00
END;
$$ LANGUAGE plpgsql;
First phase of OUT-parameters project. We can now define and use SQL functions with OUT parameters. The various PLs still need work, as does pg_dump. Rudimentary docs and regression tests included.
2005-04-01 00:46:33 +02:00
</programlisting>
</para>
<para>
Return a record containing multiple output parameters:
<programlisting>
CREATE FUNCTION dup(in int, out f1 int, out f2 text)
AS $$ SELECT $1, CAST($1 AS text) || ' is text' $$
LANGUAGE SQL;
SELECT * FROM dup(42);
</programlisting>
You can do the same thing more verbosely with an explicitly named
composite type:
<programlisting>
CREATE TYPE dup_result AS (f1 int, f2 text);
CREATE FUNCTION dup(int) RETURNS dup_result
AS $$ SELECT $1, CAST($1 AS text) || ' is text' $$
LANGUAGE SQL;
SELECT * FROM dup(42);
Allow special '$libdir' macro to show up in object file path in CREATE FUNCTION command. Guard against trying to load a directory. Update documentation some.
2001-05-19 11:01:10 +02:00
</programlisting>
Don't use SGML empty tags For DocBook XML compatibility, don't use SGML empty tags (</>) anymore, replace by the full tag name. Add a warning option to catch future occurrences. Alexander Lakhin, Jürgen Purtz
2017-10-09 03:44:17 +02:00
Another way to return multiple columns is to use a <literal>TABLE</literal>
Implement SQL-spec RETURNS TABLE syntax for functions. (Unlike the original submission, this patch treats TABLE output parameters as being entirely equivalent to OUT parameters -- tgl) Pavel Stehule
2008-07-18 05:32:53 +02:00
function:
<programlisting>
CREATE FUNCTION dup(int) RETURNS TABLE(f1 int, f2 text)
AS $$ SELECT $1, CAST($1 AS text) || ' is text' $$
LANGUAGE SQL;
SELECT * FROM dup(42);
</programlisting>
Don't use SGML empty tags For DocBook XML compatibility, don't use SGML empty tags (</>) anymore, replace by the full tag name. Add a warning option to catch future occurrences. Alexander Lakhin, Jürgen Purtz
2017-10-09 03:44:17 +02:00
However, a <literal>TABLE</literal> function is different from the
preceding examples, because it actually returns a <emphasis>set</emphasis>
Implement SQL-spec RETURNS TABLE syntax for functions. (Unlike the original submission, this patch treats TABLE output parameters as being entirely equivalent to OUT parameters -- tgl) Pavel Stehule
2008-07-18 05:32:53 +02:00
of records, not just one record.
Allow special '$libdir' macro to show up in object file path in CREATE FUNCTION command. Guard against trying to load a directory. Update documentation some.
2001-05-19 11:01:10 +02:00
</para>
Minor updates for release. Split reference pages for CREATE TABLE AS and SELECT INTO to allow psgml (the emacs parser) to handle parsing.
1999-06-14 09:37:05 +02:00
</refsect1>
Allow special '$libdir' macro to show up in object file path in CREATE FUNCTION command. Guard against trying to load a directory. Update documentation some.
2001-05-19 11:01:10 +02:00
Support explicit placement of the temporary-table schema within search_path. This is needed to allow a security-definer function to set a truly secure value of search_path. Without it, a malicious user can use temporary objects to execute code with the privileges of the security-definer function. Even pushing the temp schema to the back of the search path is not quite good enough, because a function or operator at the back of the path might still capture control from one nearer the front due to having a more exact datatype match. Hence, disable searching the temp schema altogether for functions and operators. Security: CVE-2007-2138
2007-04-20 04:37:38 +02:00
<refsect1 id="sql-createfunction-security">
<title>Writing <literal>SECURITY DEFINER</literal> Functions Safely</title>
doc: Improve search_path mentions in index Karl O. Pinc
2012-12-14 05:00:42 +01:00
<indexterm>
Don't use SGML empty tags For DocBook XML compatibility, don't use SGML empty tags (</>) anymore, replace by the full tag name. Add a warning option to catch future occurrences. Alexander Lakhin, Jürgen Purtz
2017-10-09 03:44:17 +02:00
<primary><varname>search_path</varname> configuration parameter</primary>
<secondary>use in securing functions</secondary>
doc: Improve search_path mentions in index Karl O. Pinc
2012-12-14 05:00:42 +01:00
</indexterm>
Assorted improvements to SECURITY DEFINER functions documentation. Add a cross-reference from the part of the page that introdues SECURITY INVOKER and SECURITY DEFINER to the part of the page that talks about writing SECURITY DEFINER functions safely, so that users are less likely to miss it. Remove discussion of the pre-8.3 behavior on the theory that it's probably not very relevant any more, that release having gone out of support nearly a decade ago. Add a mention of the new createrole_self_grant GUC, which in certain cases might need to be set to a safe value to avoid unexpected consequences. Possibly this section needs major surgery rather than just these small tweaks, but hopefully this is at least a small step forward. Discussion: http://postgr.es/m/CA+Tgmoauqd1cHQjsNEoxL5O-kEO4iC9dAPyCudSvmNqPJGmy9g@mail.gmail.com
2023-01-16 16:49:59 +01:00
<indexterm>
<primary><varname>createrole_self_grant</varname> configuration parameter</primary>
<secondary>use in securing functions</secondary>
</indexterm>
Support explicit placement of the temporary-table schema within search_path. This is needed to allow a security-definer function to set a truly secure value of search_path. Without it, a malicious user can use temporary objects to execute code with the privileges of the security-definer function. Even pushing the temp schema to the back of the search path is not quite good enough, because a function or operator at the back of the path might still capture control from one nearer the front due to having a more exact datatype match. Hence, disable searching the temp schema altogether for functions and operators. Security: CVE-2007-2138
2007-04-20 04:37:38 +02:00
<para>
Because a <literal>SECURITY DEFINER</literal> function is executed
doc: clarify that function "ownership" that controls permission It used to say the creation user. Reported-by: Nathan Wagner
2017-03-21 03:33:26 +01:00
with the privileges of the user that owns it, care is needed to
revert "warn of SECURITY DEFINER schemas for non-sql_body funcs" doc revert of commit 1703726488. Change was applied to irrelevant branches, and was not detailed enough to be helpful in relevant branches. Reported-by: Peter Eisentraut, Noah Misch Discussion: https://postgr.es/m/a2dc9de4-24fc-3222-87d3-0def8057d7d8@enterprisedb.com Backpatch-through: 10
2022-09-28 19:05:21 +02:00
ensure that the function cannot be misused. For security,
Convert documentation to DocBook XML Since some preparation work had already been done, the only source changes left were changing empty-element tags like <xref linkend="foo"> to <xref linkend="foo"/>, and changing the DOCTYPE. The source files are still named *.sgml, but they are actually XML files now. Renaming could be considered later. In the build system, the intermediate step to convert from SGML to XML is removed. Everything is build straight from the source files again. The OpenSP (or the old SP) package is no longer needed. The documentation toolchain instructions are updated and are much simpler now. Peter Eisentraut, Alexander Lakhin, Jürgen Purtz
2017-11-23 15:39:47 +01:00
<xref linkend="guc-search-path"/> should be set to exclude any schemas
Support explicit placement of the temporary-table schema within search_path. This is needed to allow a security-definer function to set a truly secure value of search_path. Without it, a malicious user can use temporary objects to execute code with the privileges of the security-definer function. Even pushing the temp schema to the back of the search path is not quite good enough, because a function or operator at the back of the path might still capture control from one nearer the front due to having a more exact datatype match. Hence, disable searching the temp schema altogether for functions and operators. Security: CVE-2007-2138
2007-04-20 04:37:38 +02:00
writable by untrusted users. This prevents
Improve documentation about search_path for SECURITY DEFINER functions. Clarify that the reason for recommending that pg_temp be put last is to prevent temporary tables from capturing unqualified table names. Per discussion with Albe Laurenz. Discussion: <A737B7A37273E048B164557ADEF4A58B5386C6E1@ntex2010i.host.magwien.gv.at>
2016-07-15 16:58:39 +02:00
malicious users from creating objects (e.g., tables, functions, and
operators) that mask objects intended to be used by the function.
Particularly important in this regard is the
Support explicit placement of the temporary-table schema within search_path. This is needed to allow a security-definer function to set a truly secure value of search_path. Without it, a malicious user can use temporary objects to execute code with the privileges of the security-definer function. Even pushing the temp schema to the back of the search path is not quite good enough, because a function or operator at the back of the path might still capture control from one nearer the front due to having a more exact datatype match. Hence, disable searching the temp schema altogether for functions and operators. Security: CVE-2007-2138
2007-04-20 04:37:38 +02:00
temporary-table schema, which is searched first by default, and
doc: Small wording change for clarity From: Martín Marqués <martin@2ndquadrant.com>
2016-05-12 14:32:12 +02:00
is normally writable by anyone. A secure arrangement can be obtained
Support explicit placement of the temporary-table schema within search_path. This is needed to allow a security-definer function to set a truly secure value of search_path. Without it, a malicious user can use temporary objects to execute code with the privileges of the security-definer function. Even pushing the temp schema to the back of the search path is not quite good enough, because a function or operator at the back of the path might still capture control from one nearer the front due to having a more exact datatype match. Hence, disable searching the temp schema altogether for functions and operators. Security: CVE-2007-2138
2007-04-20 04:37:38 +02:00
by forcing the temporary schema to be searched last. To do this,
Don't use SGML empty tags For DocBook XML compatibility, don't use SGML empty tags (</>) anymore, replace by the full tag name. Add a warning option to catch future occurrences. Alexander Lakhin, Jürgen Purtz
2017-10-09 03:44:17 +02:00
write <literal>pg_temp</literal><indexterm><primary>pg_temp</primary><secondary>securing functions</secondary></indexterm> as the last entry in <varname>search_path</varname>.
Support explicit placement of the temporary-table schema within search_path. This is needed to allow a security-definer function to set a truly secure value of search_path. Without it, a malicious user can use temporary objects to execute code with the privileges of the security-definer function. Even pushing the temp schema to the back of the search path is not quite good enough, because a function or operator at the back of the path might still capture control from one nearer the front due to having a more exact datatype match. Hence, disable searching the temp schema altogether for functions and operators. Security: CVE-2007-2138
2007-04-20 04:37:38 +02:00
This function illustrates safe usage:
<programlisting>
CREATE FUNCTION check_password(uname TEXT, pass TEXT)
RETURNS BOOLEAN AS $$
DECLARE passed BOOLEAN;
BEGIN
SELECT (pwd = $2) INTO passed
FROM pwds
WHERE username = $1;
RETURN passed;
END;
Implement function-local GUC parameter settings, as per recent discussion. There are still some loose ends: I didn't do anything about the SET FROM CURRENT idea yet, and it's not real clear whether we are happy with the interaction of SET LOCAL with function-local settings. The documentation is a bit spartan, too.
2007-09-03 02:39:26 +02:00
$$ LANGUAGE plpgsql
SECURITY DEFINER
-- Set a secure search_path: trusted schema(s), then 'pg_temp'.
SET search_path = admin, pg_temp;
</programlisting>
Don't use SGML empty tags For DocBook XML compatibility, don't use SGML empty tags (</>) anymore, replace by the full tag name. Add a warning option to catch future occurrences. Alexander Lakhin, Jürgen Purtz
2017-10-09 03:44:17 +02:00
This function's intention is to access a table <literal>admin.pwds</literal>.
But without the <literal>SET</literal> clause, or with a <literal>SET</literal> clause
mentioning only <literal>admin</literal>, the function could be subverted by
creating a temporary table named <literal>pwds</literal>.
Improve documentation about search_path for SECURITY DEFINER functions. Clarify that the reason for recommending that pg_temp be put last is to prevent temporary tables from capturing unqualified table names. Per discussion with Albe Laurenz. Discussion: <A737B7A37273E048B164557ADEF4A58B5386C6E1@ntex2010i.host.magwien.gv.at>
2016-07-15 16:58:39 +02:00
</para>
Implement function-local GUC parameter settings, as per recent discussion. There are still some loose ends: I didn't do anything about the SET FROM CURRENT idea yet, and it's not real clear whether we are happy with the interaction of SET LOCAL with function-local settings. The documentation is a bit spartan, too.
2007-09-03 02:39:26 +02:00
<para>
Assorted improvements to SECURITY DEFINER functions documentation. Add a cross-reference from the part of the page that introdues SECURITY INVOKER and SECURITY DEFINER to the part of the page that talks about writing SECURITY DEFINER functions safely, so that users are less likely to miss it. Remove discussion of the pre-8.3 behavior on the theory that it's probably not very relevant any more, that release having gone out of support nearly a decade ago. Add a mention of the new createrole_self_grant GUC, which in certain cases might need to be set to a safe value to avoid unexpected consequences. Possibly this section needs major surgery rather than just these small tweaks, but hopefully this is at least a small step forward. Discussion: http://postgr.es/m/CA+Tgmoauqd1cHQjsNEoxL5O-kEO4iC9dAPyCudSvmNqPJGmy9g@mail.gmail.com
2023-01-16 16:49:59 +01:00
If the security definer function intends to create roles, and if it
is running as a non-superuser, <varname>createrole_self_grant</varname>
should also be set to a known value using the <literal>SET</literal>
clause.
Implement function-local GUC parameter settings, as per recent discussion. There are still some loose ends: I didn't do anything about the SET FROM CURRENT idea yet, and it's not real clear whether we are happy with the interaction of SET LOCAL with function-local settings. The documentation is a bit spartan, too.
2007-09-03 02:39:26 +02:00
</para>
<para>
Another point to keep in mind is that by default, execute privilege
Don't use SGML empty tags For DocBook XML compatibility, don't use SGML empty tags (</>) anymore, replace by the full tag name. Add a warning option to catch future occurrences. Alexander Lakhin, Jürgen Purtz
2017-10-09 03:44:17 +02:00
is granted to <literal>PUBLIC</literal> for newly created functions
Refactor documentation about privileges to centralize the info. Expand section 5.6 "Privileges" to include the full definition of each privilege type, and an explanation of aclitem privilege displays, along with some helpful summary tables. Most of this material came out of the GRANT reference page, although some of it is new. Adjust a bunch of links that were pointing to GRANT to point to 5.6. Fabien Coelho and Tom Lane, reviewed by Bradley DeJong Discussion: https://postgr.es/m/alpine.DEB.2.21.1807311735200.20743@lancre
2018-12-03 17:40:49 +01:00
(see <xref linkend="ddl-priv"/> for more
Implement function-local GUC parameter settings, as per recent discussion. There are still some loose ends: I didn't do anything about the SET FROM CURRENT idea yet, and it's not real clear whether we are happy with the interaction of SET LOCAL with function-local settings. The documentation is a bit spartan, too.
2007-09-03 02:39:26 +02:00
information). Frequently you will wish to restrict use of a security
definer function to only some users. To do that, you must revoke
Don't use SGML empty tags For DocBook XML compatibility, don't use SGML empty tags (</>) anymore, replace by the full tag name. Add a warning option to catch future occurrences. Alexander Lakhin, Jürgen Purtz
2017-10-09 03:44:17 +02:00
the default <literal>PUBLIC</literal> privileges and then grant execute
Implement function-local GUC parameter settings, as per recent discussion. There are still some loose ends: I didn't do anything about the SET FROM CURRENT idea yet, and it's not real clear whether we are happy with the interaction of SET LOCAL with function-local settings. The documentation is a bit spartan, too.
2007-09-03 02:39:26 +02:00
privilege selectively. To avoid having a window where the new function
is accessible to all, create it and set the privileges within a single
transaction. For example:
</para>
<programlisting>
BEGIN;
CREATE FUNCTION check_password(uname TEXT, pass TEXT) ... SECURITY DEFINER;
REVOKE ALL ON FUNCTION check_password(uname TEXT, pass TEXT) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION check_password(uname TEXT, pass TEXT) TO admins;
COMMIT;
Support explicit placement of the temporary-table schema within search_path. This is needed to allow a security-definer function to set a truly secure value of search_path. Without it, a malicious user can use temporary objects to execute code with the privileges of the security-definer function. Even pushing the temp schema to the back of the search path is not quite good enough, because a function or operator at the back of the path might still capture control from one nearer the front due to having a more exact datatype match. Hence, disable searching the temp schema altogether for functions and operators. Security: CVE-2007-2138
2007-04-20 04:37:38 +02:00
</programlisting>
</refsect1>
Allow special '$libdir' macro to show up in object file path in CREATE FUNCTION command. Guard against trying to load a directory. Update documentation some.
2001-05-19 11:01:10 +02:00
<refsect1 id="sql-createfunction-compat">
<title>Compatibility</title>
Complete merge of all old man page information. ecpg reference page still needs formatting.
1999-07-22 17:09:15 +02:00
Allow special '$libdir' macro to show up in object file path in CREATE FUNCTION command. Guard against trying to load a directory. Update documentation some.
2001-05-19 11:01:10 +02:00
<para>
SQL-standard function body This adds support for writing CREATE FUNCTION and CREATE PROCEDURE statements for language SQL with a function body that conforms to the SQL standard and is portable to other implementations. Instead of the PostgreSQL-specific AS $$ string literal $$ syntax, this allows writing out the SQL statements making up the body unquoted, either as a single statement: CREATE FUNCTION add(a integer, b integer) RETURNS integer LANGUAGE SQL RETURN a + b; or as a block CREATE PROCEDURE insert_data(a integer, b integer) LANGUAGE SQL BEGIN ATOMIC INSERT INTO tbl VALUES (a); INSERT INTO tbl VALUES (b); END; The function body is parsed at function definition time and stored as expression nodes in a new pg_proc column prosqlbody. So at run time, no further parsing is required. However, this form does not support polymorphic arguments, because there is no more parse analysis done at call time. Dependencies between the function and the objects it uses are fully tracked. A new RETURN statement is introduced. This can only be used inside function bodies. Internally, it is treated much like a SELECT statement. psql needs some new intelligence to keep track of function body boundaries so that it doesn't send off statements when it sees semicolons that are inside a function body. Tested-by: Jaime Casanova <jcasanov@systemguards.com.ec> Reviewed-by: Julien Rouhaud <rjuju123@gmail.com> Discussion: https://www.postgresql.org/message-id/flat/1c11f1eb-f00c-43b7-799d-2d44132c02d7@2ndquadrant.com
2021-04-07 21:30:08 +02:00
A <command>CREATE FUNCTION</command> command is defined in the SQL
standard. The <productname>PostgreSQL</productname> implementation can be
used in a compatible way but has many extensions. Conversely, the SQL
standard specifies a number of optional features that are not implemented
in <productname>PostgreSQL</productname>.
Allow special '$libdir' macro to show up in object file path in CREATE FUNCTION command. Guard against trying to load a directory. Update documentation some.
2001-05-19 11:01:10 +02:00
</para>
First phase of OUT-parameters project. We can now define and use SQL functions with OUT parameters. The various PLs still need work, as does pg_dump. Rudimentary docs and regression tests included.
2005-04-01 00:46:33 +02:00
<para>
SQL-standard function body This adds support for writing CREATE FUNCTION and CREATE PROCEDURE statements for language SQL with a function body that conforms to the SQL standard and is portable to other implementations. Instead of the PostgreSQL-specific AS $$ string literal $$ syntax, this allows writing out the SQL statements making up the body unquoted, either as a single statement: CREATE FUNCTION add(a integer, b integer) RETURNS integer LANGUAGE SQL RETURN a + b; or as a block CREATE PROCEDURE insert_data(a integer, b integer) LANGUAGE SQL BEGIN ATOMIC INSERT INTO tbl VALUES (a); INSERT INTO tbl VALUES (b); END; The function body is parsed at function definition time and stored as expression nodes in a new pg_proc column prosqlbody. So at run time, no further parsing is required. However, this form does not support polymorphic arguments, because there is no more parse analysis done at call time. Dependencies between the function and the objects it uses are fully tracked. A new RETURN statement is introduced. This can only be used inside function bodies. Internally, it is treated much like a SELECT statement. psql needs some new intelligence to keep track of function body boundaries so that it doesn't send off statements when it sees semicolons that are inside a function body. Tested-by: Jaime Casanova <jcasanov@systemguards.com.ec> Reviewed-by: Julien Rouhaud <rjuju123@gmail.com> Discussion: https://www.postgresql.org/message-id/flat/1c11f1eb-f00c-43b7-799d-2d44132c02d7@2ndquadrant.com
2021-04-07 21:30:08 +02:00
The following are important compatibility issues:
<itemizedlist>
<listitem>
<para>
<literal>OR REPLACE</literal> is a PostgreSQL extension.
</para>
</listitem>
<listitem>
<para>
For compatibility with some other database systems, <replaceable
class="parameter">argmode</replaceable> can be written either before or
after <replaceable class="parameter">argname</replaceable>. But only
the first way is standard-compliant.
</para>
</listitem>
<listitem>
<para>
For parameter defaults, the SQL standard specifies only the syntax with
the <literal>DEFAULT</literal> key word. The syntax with
<literal>=</literal> is used in T-SQL and Firebird.
</para>
</listitem>
<listitem>
<para>
The <literal>SETOF</literal> modifier is a PostgreSQL extension.
</para>
</listitem>
<listitem>
<para>
Only <literal>SQL</literal> is standardized as a language.
</para>
</listitem>
<listitem>
<para>
All other attributes except <literal>CALLED ON NULL INPUT</literal> and
<literal>RETURNS NULL ON NULL INPUT</literal> are not standardized.
</para>
</listitem>
<listitem>
<para>
For the body of <literal>LANGUAGE SQL</literal> functions, the SQL
standard only specifies the <replaceable>sql_body</replaceable> form.
</para>
</listitem>
</itemizedlist>
First phase of OUT-parameters project. We can now define and use SQL functions with OUT parameters. The various PLs still need work, as does pg_dump. Rudimentary docs and regression tests included.
2005-04-01 00:46:33 +02:00
</para>
Default values for function arguments Pavel Stehule, with some tweaks by Peter Eisentraut
2008-12-04 18:51:28 +01:00
<para>
SQL-standard function body This adds support for writing CREATE FUNCTION and CREATE PROCEDURE statements for language SQL with a function body that conforms to the SQL standard and is portable to other implementations. Instead of the PostgreSQL-specific AS $$ string literal $$ syntax, this allows writing out the SQL statements making up the body unquoted, either as a single statement: CREATE FUNCTION add(a integer, b integer) RETURNS integer LANGUAGE SQL RETURN a + b; or as a block CREATE PROCEDURE insert_data(a integer, b integer) LANGUAGE SQL BEGIN ATOMIC INSERT INTO tbl VALUES (a); INSERT INTO tbl VALUES (b); END; The function body is parsed at function definition time and stored as expression nodes in a new pg_proc column prosqlbody. So at run time, no further parsing is required. However, this form does not support polymorphic arguments, because there is no more parse analysis done at call time. Dependencies between the function and the objects it uses are fully tracked. A new RETURN statement is introduced. This can only be used inside function bodies. Internally, it is treated much like a SELECT statement. psql needs some new intelligence to keep track of function body boundaries so that it doesn't send off statements when it sees semicolons that are inside a function body. Tested-by: Jaime Casanova <jcasanov@systemguards.com.ec> Reviewed-by: Julien Rouhaud <rjuju123@gmail.com> Discussion: https://www.postgresql.org/message-id/flat/1c11f1eb-f00c-43b7-799d-2d44132c02d7@2ndquadrant.com
2021-04-07 21:30:08 +02:00
Simple <literal>LANGUAGE SQL</literal> functions can be written in a way
that is both standard-conforming and portable to other implementations.
More complex functions using advanced features, optimization attributes, or
other languages will necessarily be specific to PostgreSQL in a significant
way.
Default values for function arguments Pavel Stehule, with some tweaks by Peter Eisentraut
2008-12-04 18:51:28 +01:00
</para>
Allow special '$libdir' macro to show up in object file path in CREATE FUNCTION command. Guard against trying to load a directory. Update documentation some.
2001-05-19 11:01:10 +02:00
</refsect1>
Markup and editing adjustments...
1998-09-16 16:43:12 +02:00
Allow special '$libdir' macro to show up in object file path in CREATE FUNCTION command. Guard against trying to load a directory. Update documentation some.
2001-05-19 11:01:10 +02:00
More minor updates and copy-editing.
2005-01-04 01:39:53 +01:00
<refsect1>
Allow special '$libdir' macro to show up in object file path in CREATE FUNCTION command. Guard against trying to load a directory. Update documentation some.
2001-05-19 11:01:10 +02:00
<title>See Also</title>
More minor updates and copy-editing.
2005-01-04 01:39:53 +01:00
<simplelist type="inline">
Convert documentation to DocBook XML Since some preparation work had already been done, the only source changes left were changing empty-element tags like <xref linkend="foo"> to <xref linkend="foo"/>, and changing the DOCTYPE. The source files are still named *.sgml, but they are actually XML files now. Renaming could be considered later. In the build system, the intermediate step to convert from SGML to XML is removed. Everything is build straight from the source files again. The OpenSP (or the old SP) package is no longer needed. The documentation toolchain instructions are updated and are much simpler now. Peter Eisentraut, Alexander Lakhin, Jürgen Purtz
2017-11-23 15:39:47 +01:00
<member><xref linkend="sql-alterfunction"/></member>
<member><xref linkend="sql-dropfunction"/></member>
<member><xref linkend="sql-grant"/></member>
<member><xref linkend="sql-load"/></member>
<member><xref linkend="sql-revoke"/></member>
More minor updates and copy-editing.
2005-01-04 01:39:53 +01:00
</simplelist>
First files for reference pages.
1998-05-13 07:34:00 +02:00
</refsect1>
Allow special '$libdir' macro to show up in object file path in CREATE FUNCTION command. Guard against trying to load a directory. Update documentation some.
2001-05-19 11:01:10 +02:00
Minor updates for release. Split reference pages for CREATE TABLE AS and SELECT INTO to allow psgml (the emacs parser) to handle parsing.
1999-06-14 09:37:05 +02:00
</refentry>