2021-05-07 16:56:14 +02:00
|
|
|
|
2023-01-02 21:00:37 +01:00
|
|
|
# Copyright (c) 2021-2023, PostgreSQL Global Development Group
|
2021-05-07 16:56:14 +02:00
|
|
|
|
2021-03-12 19:00:01 +01:00
|
|
|
use strict;
|
|
|
|
use warnings;
|
|
|
|
|
2021-10-24 16:28:19 +02:00
|
|
|
use PostgreSQL::Test::Cluster;
|
|
|
|
use PostgreSQL::Test::Utils;
|
2021-03-12 19:00:01 +01:00
|
|
|
|
|
|
|
use Test::More;
|
|
|
|
|
|
|
|
# This regression test demonstrates that the pg_amcheck binary correctly
|
|
|
|
# identifies specific kinds of corruption within pages. To test this, we need
|
|
|
|
# a mechanism to create corrupt pages with predictable, repeatable corruption.
|
|
|
|
# The postgres backend cannot be expected to help us with this, as its design
|
|
|
|
# is not consistent with the goal of intentionally corrupting pages.
|
|
|
|
#
|
|
|
|
# Instead, we create a table to corrupt, and with careful consideration of how
|
|
|
|
# postgresql lays out heap pages, we seek to offsets within the page and
|
|
|
|
# overwrite deliberately chosen bytes with specific values calculated to
|
|
|
|
# corrupt the page in expected ways. We then verify that pg_amcheck reports
|
|
|
|
# the corruption, and that it runs without crashing. Note that the backend
|
|
|
|
# cannot simply be started to run queries against the corrupt table, as the
|
|
|
|
# backend will crash, at least for some of the corruption types we generate.
|
|
|
|
#
|
|
|
|
# Autovacuum potentially touching the table in the background makes the exact
|
|
|
|
# behavior of this test harder to reason about. We turn it off to keep things
|
|
|
|
# simpler. We use a "belt and suspenders" approach, turning it off for the
|
|
|
|
# system generally in postgresql.conf, and turning it off specifically for the
|
|
|
|
# test table.
|
|
|
|
#
|
|
|
|
# This test depends on the table being written to the heap file exactly as we
|
|
|
|
# expect it to be, so we take care to arrange the columns of the table, and
|
|
|
|
# insert rows of the table, that give predictable sizes and locations within
|
|
|
|
# the table page.
|
|
|
|
#
|
|
|
|
# The HeapTupleHeaderData has 23 bytes of fixed size fields before the variable
|
|
|
|
# length t_bits[] array. We have exactly 3 columns in the table, so natts = 3,
|
|
|
|
# t_bits is 1 byte long, and t_hoff = MAXALIGN(23 + 1) = 24.
|
|
|
|
#
|
|
|
|
# We're not too fussy about which datatypes we use for the test, but we do care
|
|
|
|
# about some specific properties. We'd like to test both fixed size and
|
|
|
|
# varlena types. We'd like some varlena data inline and some toasted. And
|
|
|
|
# we'd like the layout of the table such that the datums land at predictable
|
|
|
|
# offsets within the tuple. We choose a structure without padding on all
|
|
|
|
# supported architectures:
|
|
|
|
#
|
|
|
|
# a BIGINT
|
|
|
|
# b TEXT
|
|
|
|
# c TEXT
|
|
|
|
#
|
|
|
|
# We always insert a 7-ascii character string into field 'b', which with a
|
|
|
|
# 1-byte varlena header gives an 8 byte inline value. We always insert a long
|
|
|
|
# text string in field 'c', long enough to force toast storage.
|
|
|
|
#
|
|
|
|
# We choose to read and write binary copies of our table's tuples, using perl's
|
|
|
|
# pack() and unpack() functions. Perl uses a packing code system in which:
|
|
|
|
#
|
2021-03-12 23:30:17 +01:00
|
|
|
# l = "signed 32-bit Long",
|
2021-03-12 19:00:01 +01:00
|
|
|
# L = "Unsigned 32-bit Long",
|
|
|
|
# S = "Unsigned 16-bit Short",
|
|
|
|
# C = "Unsigned 8-bit Octet",
|
|
|
|
#
|
|
|
|
# Each tuple in our table has a layout as follows:
|
|
|
|
#
|
|
|
|
# xx xx xx xx t_xmin: xxxx offset = 0 L
|
|
|
|
# xx xx xx xx t_xmax: xxxx offset = 4 L
|
|
|
|
# xx xx xx xx t_field3: xxxx offset = 8 L
|
|
|
|
# xx xx bi_hi: xx offset = 12 S
|
|
|
|
# xx xx bi_lo: xx offset = 14 S
|
|
|
|
# xx xx ip_posid: xx offset = 16 S
|
|
|
|
# xx xx t_infomask2: xx offset = 18 S
|
|
|
|
# xx xx t_infomask: xx offset = 20 S
|
|
|
|
# xx t_hoff: x offset = 22 C
|
|
|
|
# xx t_bits: x offset = 23 C
|
2021-03-13 16:55:33 +01:00
|
|
|
# xx xx xx xx xx xx xx xx 'a': xxxxxxxx offset = 24 LL
|
2021-03-12 23:30:17 +01:00
|
|
|
# xx xx xx xx xx xx xx xx 'b': xxxxxxxx offset = 32 CCCCCCCC
|
|
|
|
# xx xx xx xx xx xx xx xx 'c': xxxxxxxx offset = 40 CCllLL
|
|
|
|
# xx xx xx xx xx xx xx xx : xxxxxxxx ...continued
|
|
|
|
# xx xx : xx ...continued
|
2021-03-12 19:00:01 +01:00
|
|
|
#
|
|
|
|
# We could choose to read and write columns 'b' and 'c' in other ways, but
|
|
|
|
# it is convenient enough to do it this way. We define packing code
|
|
|
|
# constants here, where they can be compared easily against the layout.
|
|
|
|
|
2021-03-13 16:55:33 +01:00
|
|
|
use constant HEAPTUPLE_PACK_CODE => 'LLLSSSSSCCLLCCCCCCCCCCllLL';
|
2021-03-12 19:00:01 +01:00
|
|
|
use constant HEAPTUPLE_PACK_LENGTH => 58; # Total size
|
|
|
|
|
|
|
|
# Read a tuple of our table from a heap page.
|
|
|
|
#
|
|
|
|
# Takes an open filehandle to the heap file, and the offset of the tuple.
|
|
|
|
#
|
|
|
|
# Rather than returning the binary data from the file, unpacks the data into a
|
|
|
|
# perl hash with named fields. These fields exactly match the ones understood
|
|
|
|
# by write_tuple(), below. Returns a reference to this hash.
|
|
|
|
#
|
2021-03-12 20:55:40 +01:00
|
|
|
sub read_tuple
|
2021-03-12 19:00:01 +01:00
|
|
|
{
|
|
|
|
my ($fh, $offset) = @_;
|
|
|
|
my ($buffer, %tup);
|
Harden TAP tests that intentionally corrupt page checksums.
The previous method for doing that was to write zeroes into a
predetermined set of page locations. However, there's a roughly
1-in-64K chance that the existing checksum will match by chance,
and yesterday several buildfarm animals started to reproducibly
see that, resulting in test failures because no checksum mismatch
was reported.
Since the checksum includes the page LSN, test success depends on
the length of the installation's WAL history, which is affected by
(at least) the initial catalog contents, the set of locales installed
on the system, and the length of the pathname of the test directory.
Sooner or later we were going to hit a chance match, and today is
that day.
Harden these tests by specifically inverting the checksum field and
leaving all else alone, thereby guaranteeing that the checksum is
incorrect.
In passing, fix places that were using seek() to set up for syswrite(),
a combination that the Perl docs very explicitly warn against. We've
probably escaped problems because no regular buffered I/O is done on
these filehandles; but if it ever breaks, we wouldn't deserve or get
much sympathy.
Although we've only seen problems in HEAD, now that we recognize the
environmental dependencies it seems like it might be just a matter
of time until someone manages to hit this in back-branch testing.
Hence, back-patch to v11 where we started doing this kind of test.
Discussion: https://postgr.es/m/3192026.1648185780@sss.pgh.pa.us
2022-03-25 19:23:26 +01:00
|
|
|
sysseek($fh, $offset, 0)
|
|
|
|
or BAIL_OUT("sysseek failed: $!");
|
2021-03-12 19:00:01 +01:00
|
|
|
defined(sysread($fh, $buffer, HEAPTUPLE_PACK_LENGTH))
|
|
|
|
or BAIL_OUT("sysread failed: $!");
|
|
|
|
|
|
|
|
@_ = unpack(HEAPTUPLE_PACK_CODE, $buffer);
|
|
|
|
%tup = (
|
|
|
|
t_xmin => shift,
|
|
|
|
t_xmax => shift,
|
|
|
|
t_field3 => shift,
|
|
|
|
bi_hi => shift,
|
|
|
|
bi_lo => shift,
|
|
|
|
ip_posid => shift,
|
|
|
|
t_infomask2 => shift,
|
|
|
|
t_infomask => shift,
|
|
|
|
t_hoff => shift,
|
|
|
|
t_bits => shift,
|
2021-03-13 16:55:33 +01:00
|
|
|
a_1 => shift,
|
|
|
|
a_2 => shift,
|
2021-03-12 19:00:01 +01:00
|
|
|
b_header => shift,
|
|
|
|
b_body1 => shift,
|
|
|
|
b_body2 => shift,
|
|
|
|
b_body3 => shift,
|
|
|
|
b_body4 => shift,
|
|
|
|
b_body5 => shift,
|
|
|
|
b_body6 => shift,
|
|
|
|
b_body7 => shift,
|
2021-03-12 23:30:17 +01:00
|
|
|
c_va_header => shift,
|
|
|
|
c_va_vartag => shift,
|
|
|
|
c_va_rawsize => shift,
|
Allow configurable LZ4 TOAST compression.
There is now a per-column COMPRESSION option which can be set to pglz
(the default, and the only option in up until now) or lz4. Or, if you
like, you can set the new default_toast_compression GUC to lz4, and
then that will be the default for new table columns for which no value
is specified. We don't have lz4 support in the PostgreSQL code, so
to use lz4 compression, PostgreSQL must be built --with-lz4.
In general, TOAST compression means compression of individual column
values, not the whole tuple, and those values can either be compressed
inline within the tuple or compressed and then stored externally in
the TOAST table, so those properties also apply to this feature.
Prior to this commit, a TOAST pointer has two unused bits as part of
the va_extsize field, and a compessed datum has two unused bits as
part of the va_rawsize field. These bits are unused because the length
of a varlena is limited to 1GB; we now use them to indicate the
compression type that was used. This means we only have bit space for
2 more built-in compresison types, but we could work around that
problem, if necessary, by introducing a new vartag_external value for
any further types we end up wanting to add. Hopefully, it won't be
too important to offer a wide selection of algorithms here, since
each one we add not only takes more coding but also adds a build
dependency for every packager. Nevertheless, it seems worth doing
at least this much, because LZ4 gets better compression than PGLZ
with less CPU usage.
It's possible for LZ4-compressed datums to leak into composite type
values stored on disk, just as it is for PGLZ. It's also possible for
LZ4-compressed attributes to be copied into a different table via SQL
commands such as CREATE TABLE AS or INSERT .. SELECT. It would be
expensive to force such values to be decompressed, so PostgreSQL has
never done so. For the same reasons, we also don't force recompression
of already-compressed values even if the target table prefers a
different compression method than was used for the source data. These
architectural decisions are perhaps arguable but revisiting them is
well beyond the scope of what seemed possible to do as part of this
project. However, it's relatively cheap to recompress as part of
VACUUM FULL or CLUSTER, so this commit adjusts those commands to do
so, if the configured compression method of the table happens not to
match what was used for some column value stored therein.
Dilip Kumar. The original patches on which this work was based were
written by Ildus Kurbangaliev, and those were patches were based on
even earlier work by Nikita Glukhov, but the design has since changed
very substantially, since allow a potentially large number of
compression methods that could be added and dropped on a running
system proved too problematic given some of the architectural issues
mentioned above; the choice of which specific compression method to
add first is now different; and a lot of the code has been heavily
refactored. More recently, Justin Przyby helped quite a bit with
testing and reviewing and this version also includes some code
contributions from him. Other design input and review from Tomas
Vondra, Álvaro Herrera, Andres Freund, Oleg Bartunov, Alexander
Korotkov, and me.
Discussion: http://postgr.es/m/20170907194236.4cefce96%40wp.localdomain
Discussion: http://postgr.es/m/CAFiTN-uUpX3ck%3DK0mLEk-G_kUQY%3DSNOTeqdaNRR9FMdQrHKebw%40mail.gmail.com
2021-03-19 20:10:38 +01:00
|
|
|
c_va_extinfo => shift,
|
2021-03-12 23:30:17 +01:00
|
|
|
c_va_valueid => shift,
|
|
|
|
c_va_toastrelid => shift);
|
2021-03-12 19:00:01 +01:00
|
|
|
# Stitch together the text for column 'b'
|
|
|
|
$tup{b} = join('', map { chr($tup{"b_body$_"}) } (1 .. 7));
|
|
|
|
return \%tup;
|
|
|
|
}
|
|
|
|
|
|
|
|
# Write a tuple of our table to a heap page.
|
|
|
|
#
|
|
|
|
# Takes an open filehandle to the heap file, the offset of the tuple, and a
|
|
|
|
# reference to a hash with the tuple values, as returned by read_tuple().
|
|
|
|
# Writes the tuple fields from the hash into the heap file.
|
|
|
|
#
|
|
|
|
# The purpose of this function is to write a tuple back to disk with some
|
|
|
|
# subset of fields modified. The function does no error checking. Use
|
|
|
|
# cautiously.
|
|
|
|
#
|
2021-03-12 20:55:40 +01:00
|
|
|
sub write_tuple
|
2021-03-12 19:00:01 +01:00
|
|
|
{
|
|
|
|
my ($fh, $offset, $tup) = @_;
|
|
|
|
my $buffer = pack(
|
|
|
|
HEAPTUPLE_PACK_CODE,
|
|
|
|
$tup->{t_xmin}, $tup->{t_xmax},
|
|
|
|
$tup->{t_field3}, $tup->{bi_hi},
|
|
|
|
$tup->{bi_lo}, $tup->{ip_posid},
|
|
|
|
$tup->{t_infomask2}, $tup->{t_infomask},
|
|
|
|
$tup->{t_hoff}, $tup->{t_bits},
|
2021-03-13 16:55:33 +01:00
|
|
|
$tup->{a_1}, $tup->{a_2},
|
2021-03-12 19:00:01 +01:00
|
|
|
$tup->{b_header}, $tup->{b_body1},
|
|
|
|
$tup->{b_body2}, $tup->{b_body3},
|
|
|
|
$tup->{b_body4}, $tup->{b_body5},
|
|
|
|
$tup->{b_body6}, $tup->{b_body7},
|
2021-03-12 23:30:17 +01:00
|
|
|
$tup->{c_va_header}, $tup->{c_va_vartag},
|
Allow configurable LZ4 TOAST compression.
There is now a per-column COMPRESSION option which can be set to pglz
(the default, and the only option in up until now) or lz4. Or, if you
like, you can set the new default_toast_compression GUC to lz4, and
then that will be the default for new table columns for which no value
is specified. We don't have lz4 support in the PostgreSQL code, so
to use lz4 compression, PostgreSQL must be built --with-lz4.
In general, TOAST compression means compression of individual column
values, not the whole tuple, and those values can either be compressed
inline within the tuple or compressed and then stored externally in
the TOAST table, so those properties also apply to this feature.
Prior to this commit, a TOAST pointer has two unused bits as part of
the va_extsize field, and a compessed datum has two unused bits as
part of the va_rawsize field. These bits are unused because the length
of a varlena is limited to 1GB; we now use them to indicate the
compression type that was used. This means we only have bit space for
2 more built-in compresison types, but we could work around that
problem, if necessary, by introducing a new vartag_external value for
any further types we end up wanting to add. Hopefully, it won't be
too important to offer a wide selection of algorithms here, since
each one we add not only takes more coding but also adds a build
dependency for every packager. Nevertheless, it seems worth doing
at least this much, because LZ4 gets better compression than PGLZ
with less CPU usage.
It's possible for LZ4-compressed datums to leak into composite type
values stored on disk, just as it is for PGLZ. It's also possible for
LZ4-compressed attributes to be copied into a different table via SQL
commands such as CREATE TABLE AS or INSERT .. SELECT. It would be
expensive to force such values to be decompressed, so PostgreSQL has
never done so. For the same reasons, we also don't force recompression
of already-compressed values even if the target table prefers a
different compression method than was used for the source data. These
architectural decisions are perhaps arguable but revisiting them is
well beyond the scope of what seemed possible to do as part of this
project. However, it's relatively cheap to recompress as part of
VACUUM FULL or CLUSTER, so this commit adjusts those commands to do
so, if the configured compression method of the table happens not to
match what was used for some column value stored therein.
Dilip Kumar. The original patches on which this work was based were
written by Ildus Kurbangaliev, and those were patches were based on
even earlier work by Nikita Glukhov, but the design has since changed
very substantially, since allow a potentially large number of
compression methods that could be added and dropped on a running
system proved too problematic given some of the architectural issues
mentioned above; the choice of which specific compression method to
add first is now different; and a lot of the code has been heavily
refactored. More recently, Justin Przyby helped quite a bit with
testing and reviewing and this version also includes some code
contributions from him. Other design input and review from Tomas
Vondra, Álvaro Herrera, Andres Freund, Oleg Bartunov, Alexander
Korotkov, and me.
Discussion: http://postgr.es/m/20170907194236.4cefce96%40wp.localdomain
Discussion: http://postgr.es/m/CAFiTN-uUpX3ck%3DK0mLEk-G_kUQY%3DSNOTeqdaNRR9FMdQrHKebw%40mail.gmail.com
2021-03-19 20:10:38 +01:00
|
|
|
$tup->{c_va_rawsize}, $tup->{c_va_extinfo},
|
2021-03-12 23:30:17 +01:00
|
|
|
$tup->{c_va_valueid}, $tup->{c_va_toastrelid});
|
Harden TAP tests that intentionally corrupt page checksums.
The previous method for doing that was to write zeroes into a
predetermined set of page locations. However, there's a roughly
1-in-64K chance that the existing checksum will match by chance,
and yesterday several buildfarm animals started to reproducibly
see that, resulting in test failures because no checksum mismatch
was reported.
Since the checksum includes the page LSN, test success depends on
the length of the installation's WAL history, which is affected by
(at least) the initial catalog contents, the set of locales installed
on the system, and the length of the pathname of the test directory.
Sooner or later we were going to hit a chance match, and today is
that day.
Harden these tests by specifically inverting the checksum field and
leaving all else alone, thereby guaranteeing that the checksum is
incorrect.
In passing, fix places that were using seek() to set up for syswrite(),
a combination that the Perl docs very explicitly warn against. We've
probably escaped problems because no regular buffered I/O is done on
these filehandles; but if it ever breaks, we wouldn't deserve or get
much sympathy.
Although we've only seen problems in HEAD, now that we recognize the
environmental dependencies it seems like it might be just a matter
of time until someone manages to hit this in back-branch testing.
Hence, back-patch to v11 where we started doing this kind of test.
Discussion: https://postgr.es/m/3192026.1648185780@sss.pgh.pa.us
2022-03-25 19:23:26 +01:00
|
|
|
sysseek($fh, $offset, 0)
|
|
|
|
or BAIL_OUT("sysseek failed: $!");
|
2021-03-12 19:00:01 +01:00
|
|
|
defined(syswrite($fh, $buffer, HEAPTUPLE_PACK_LENGTH))
|
2021-04-09 06:53:07 +02:00
|
|
|
or BAIL_OUT("syswrite failed: $!");
|
2021-03-12 19:00:01 +01:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
# Set umask so test directories and files are created with default permissions
|
|
|
|
umask(0077);
|
|
|
|
|
2023-03-22 13:48:54 +01:00
|
|
|
my $pred_xmax;
|
|
|
|
my $pred_posid;
|
|
|
|
my $aborted_xid;
|
2021-03-12 19:00:01 +01:00
|
|
|
# Set up the node. Once we create and corrupt the table,
|
|
|
|
# autovacuum workers visiting the table could crash the backend.
|
|
|
|
# Disable autovacuum so that won't happen.
|
2021-10-24 16:28:19 +02:00
|
|
|
my $node = PostgreSQL::Test::Cluster->new('test');
|
2021-03-12 19:00:01 +01:00
|
|
|
$node->init;
|
|
|
|
$node->append_conf('postgresql.conf', 'autovacuum=off');
|
2023-03-22 13:48:54 +01:00
|
|
|
$node->append_conf('postgresql.conf', 'max_prepared_transactions=10');
|
2021-03-12 19:00:01 +01:00
|
|
|
|
|
|
|
# Start the node and load the extensions. We depend on both
|
|
|
|
# amcheck and pageinspect for this test.
|
|
|
|
$node->start;
|
|
|
|
my $port = $node->port;
|
|
|
|
my $pgdata = $node->data_dir;
|
|
|
|
$node->safe_psql('postgres', "CREATE EXTENSION amcheck");
|
|
|
|
$node->safe_psql('postgres', "CREATE EXTENSION pageinspect");
|
|
|
|
|
|
|
|
# Get a non-zero datfrozenxid
|
|
|
|
$node->safe_psql('postgres', qq(VACUUM FREEZE));
|
|
|
|
|
|
|
|
# Create the test table with precisely the schema that our corruption function
|
|
|
|
# expects.
|
|
|
|
$node->safe_psql(
|
|
|
|
'postgres', qq(
|
|
|
|
CREATE TABLE public.test (a BIGINT, b TEXT, c TEXT);
|
|
|
|
ALTER TABLE public.test SET (autovacuum_enabled=false);
|
|
|
|
ALTER TABLE public.test ALTER COLUMN c SET STORAGE EXTERNAL;
|
|
|
|
CREATE INDEX test_idx ON public.test(a, b);
|
|
|
|
));
|
|
|
|
|
|
|
|
# We want (0 < datfrozenxid < test.relfrozenxid). To achieve this, we freeze
|
|
|
|
# an otherwise unused table, public.junk, prior to inserting data and freezing
|
|
|
|
# public.test
|
|
|
|
$node->safe_psql(
|
|
|
|
'postgres', qq(
|
|
|
|
CREATE TABLE public.junk AS SELECT 'junk'::TEXT AS junk_column;
|
|
|
|
ALTER TABLE public.junk SET (autovacuum_enabled=false);
|
|
|
|
VACUUM FREEZE public.junk
|
|
|
|
));
|
|
|
|
|
|
|
|
my $rel = $node->safe_psql('postgres',
|
|
|
|
qq(SELECT pg_relation_filepath('public.test')));
|
|
|
|
my $relpath = "$pgdata/$rel";
|
|
|
|
|
2023-03-22 13:48:54 +01:00
|
|
|
# Initial setup for the public.test table.
|
|
|
|
# $ROWCOUNT is the total number of rows that we expect to insert into the page.
|
|
|
|
# $ROWCOUNT_BASIC is the number of those rows that are related to basic
|
|
|
|
# tuple validation, rather than update chain validation.
|
|
|
|
my $ROWCOUNT = 44;
|
|
|
|
my $ROWCOUNT_BASIC = 16;
|
|
|
|
|
|
|
|
# First insert data needed for tests unrelated to update chain validation.
|
|
|
|
# Then freeze the page. These tuples are at offset numbers 1 to 16.
|
2021-03-12 19:00:01 +01:00
|
|
|
$node->safe_psql(
|
|
|
|
'postgres', qq(
|
|
|
|
INSERT INTO public.test (a, b, c)
|
2023-03-12 00:41:47 +01:00
|
|
|
SELECT
|
2021-03-13 16:55:33 +01:00
|
|
|
x'DEADF9F9DEADF9F9'::bigint,
|
2021-03-12 19:00:01 +01:00
|
|
|
'abcdefg',
|
|
|
|
repeat('w', 10000)
|
2023-03-22 13:48:54 +01:00
|
|
|
FROM generate_series(1, $ROWCOUNT_BASIC);
|
2023-03-12 00:41:47 +01:00
|
|
|
VACUUM FREEZE public.test;)
|
|
|
|
);
|
2021-03-12 19:00:01 +01:00
|
|
|
|
2023-03-22 13:48:54 +01:00
|
|
|
# Create some simple HOT update chains for line pointer validation. After
|
|
|
|
# the page is HOT pruned, we'll have two redirects line pointers each pointing
|
|
|
|
# to a tuple. We'll then change the second redirect to point to the same
|
|
|
|
# tuple as the first one and verify that we can detect corruption.
|
|
|
|
$node->safe_psql(
|
|
|
|
'postgres', qq(
|
|
|
|
INSERT INTO public.test (a, b, c)
|
|
|
|
VALUES ( x'DEADF9F9DEADF9F9'::bigint, 'abcdefg',
|
|
|
|
generate_series(1,2)); -- offset numbers 17 and 18
|
|
|
|
UPDATE public.test SET c = 'a' WHERE c = '1'; -- offset number 19
|
|
|
|
UPDATE public.test SET c = 'a' WHERE c = '2'; -- offset number 20
|
|
|
|
));
|
|
|
|
|
|
|
|
# Create some more HOT update chains.
|
|
|
|
$node->safe_psql(
|
|
|
|
'postgres', qq(
|
|
|
|
INSERT INTO public.test (a, b, c)
|
|
|
|
VALUES ( x'DEADF9F9DEADF9F9'::bigint, 'abcdefg',
|
|
|
|
generate_series(3,6)); -- offset numbers 21 through 24
|
|
|
|
UPDATE public.test SET c = 'a' WHERE c = '3'; -- offset number 25
|
|
|
|
UPDATE public.test SET c = 'a' WHERE c = '4'; -- offset number 26
|
|
|
|
));
|
|
|
|
|
|
|
|
# Negative test case of HOT-pruning with aborted tuple.
|
|
|
|
$node->safe_psql(
|
|
|
|
'postgres', qq(
|
|
|
|
BEGIN;
|
|
|
|
UPDATE public.test SET c = 'a' WHERE c = '5'; -- offset number 27
|
|
|
|
ABORT;
|
|
|
|
VACUUM FREEZE public.test;
|
|
|
|
));
|
|
|
|
|
|
|
|
# Next update on any tuple will be stored at the same place of tuple inserted
|
|
|
|
# by aborted transaction. This should not cause the table to appear corrupt.
|
|
|
|
$node->safe_psql(
|
|
|
|
'postgres', qq(
|
|
|
|
UPDATE public.test SET c = 'a' WHERE c = '6'; -- offset number 27 again
|
|
|
|
VACUUM FREEZE public.test;
|
|
|
|
));
|
|
|
|
|
|
|
|
# Data for HOT chain validation, so not calling VACUUM FREEZE.
|
|
|
|
$node->safe_psql(
|
|
|
|
'postgres', qq(
|
|
|
|
INSERT INTO public.test (a, b, c)
|
|
|
|
VALUES ( x'DEADF9F9DEADF9F9'::bigint, 'abcdefg',
|
|
|
|
generate_series(7,15)); -- offset numbers 28 to 36
|
|
|
|
UPDATE public.test SET c = 'a' WHERE c = '7'; -- offset number 37
|
|
|
|
UPDATE public.test SET c = 'a' WHERE c = '10'; -- offset number 38
|
|
|
|
UPDATE public.test SET c = 'a' WHERE c = '11'; -- offset number 39
|
|
|
|
UPDATE public.test SET c = 'a' WHERE c = '12'; -- offset number 40
|
|
|
|
UPDATE public.test SET c = 'a' WHERE c = '13'; -- offset number 41
|
|
|
|
UPDATE public.test SET c = 'a' WHERE c = '14'; -- offset number 42
|
|
|
|
UPDATE public.test SET c = 'a' WHERE c = '15'; -- offset number 43
|
|
|
|
));
|
|
|
|
|
|
|
|
# Need one aborted transaction to test corruption in HOT chains.
|
|
|
|
$node->safe_psql(
|
|
|
|
'postgres', qq(
|
|
|
|
BEGIN;
|
|
|
|
UPDATE public.test SET c = 'a' WHERE c = '9'; -- offset number 44
|
|
|
|
ABORT;
|
|
|
|
));
|
|
|
|
|
|
|
|
# Need one in-progress transaction to test few corruption in HOT chains.
|
|
|
|
# We are creating PREPARE TRANSACTION here as these will not be aborted
|
|
|
|
# even if we stop the node.
|
|
|
|
$node->safe_psql(
|
|
|
|
'postgres', qq(
|
|
|
|
BEGIN;
|
|
|
|
PREPARE TRANSACTION 'in_progress_tx';
|
|
|
|
));
|
|
|
|
my $in_progress_xid = $node->safe_psql(
|
|
|
|
'postgres', qq(
|
|
|
|
SELECT transaction FROM pg_prepared_xacts;
|
|
|
|
));
|
|
|
|
|
2021-03-12 19:00:01 +01:00
|
|
|
my $relfrozenxid = $node->safe_psql('postgres',
|
|
|
|
q(select relfrozenxid from pg_class where relname = 'test'));
|
|
|
|
my $datfrozenxid = $node->safe_psql('postgres',
|
|
|
|
q(select datfrozenxid from pg_database where datname = 'postgres'));
|
|
|
|
|
|
|
|
# Sanity check that our 'test' table has a relfrozenxid newer than the
|
|
|
|
# datfrozenxid for the database, and that the datfrozenxid is greater than the
|
|
|
|
# first normal xid. We rely on these invariants in some of our tests.
|
|
|
|
if ($datfrozenxid <= 3 || $datfrozenxid >= $relfrozenxid)
|
|
|
|
{
|
|
|
|
$node->clean_node;
|
|
|
|
plan skip_all =>
|
|
|
|
"Xid thresholds not as expected: got datfrozenxid = $datfrozenxid, relfrozenxid = $relfrozenxid";
|
|
|
|
exit;
|
|
|
|
}
|
|
|
|
|
2023-03-22 13:48:54 +01:00
|
|
|
# Find where each of the tuples is located on the page. If a particular
|
|
|
|
# line pointer is a redirect rather than a tuple, we record the offset as -1.
|
2023-03-12 00:41:47 +01:00
|
|
|
my @lp_off = split '\n', $node->safe_psql(
|
|
|
|
'postgres', qq(
|
2023-03-22 13:48:54 +01:00
|
|
|
SELECT CASE WHEN lp_flags = 2 THEN -1 ELSE lp_off END
|
|
|
|
FROM heap_page_items(get_raw_page('test', 'main', 0))
|
2023-03-12 00:41:47 +01:00
|
|
|
)
|
|
|
|
);
|
|
|
|
is(scalar @lp_off, $ROWCOUNT, "acquired row offsets");
|
2021-03-12 19:00:01 +01:00
|
|
|
|
|
|
|
# Sanity check that our 'test' table on disk layout matches expectations. If
|
|
|
|
# this is not so, we will have to skip the test until somebody updates the test
|
|
|
|
# to work on this platform.
|
|
|
|
$node->stop;
|
|
|
|
my $file;
|
|
|
|
open($file, '+<', $relpath)
|
|
|
|
or BAIL_OUT("open failed: $!");
|
|
|
|
binmode $file;
|
|
|
|
|
2021-03-12 23:30:17 +01:00
|
|
|
my $ENDIANNESS;
|
2023-03-12 00:41:47 +01:00
|
|
|
for (my $tupidx = 0; $tupidx < $ROWCOUNT; $tupidx++)
|
2021-03-12 19:00:01 +01:00
|
|
|
{
|
|
|
|
my $offnum = $tupidx + 1; # offnum is 1-based, not zero-based
|
|
|
|
my $offset = $lp_off[$tupidx];
|
2023-03-22 13:48:54 +01:00
|
|
|
next if $offset == -1; # ignore redirect line pointers
|
2021-03-12 19:00:01 +01:00
|
|
|
my $tup = read_tuple($file, $offset);
|
|
|
|
|
|
|
|
# Sanity-check that the data appears on the page where we expect.
|
2021-03-13 16:55:33 +01:00
|
|
|
my $a_1 = $tup->{a_1};
|
|
|
|
my $a_2 = $tup->{a_2};
|
2021-03-12 19:00:01 +01:00
|
|
|
my $b = $tup->{b};
|
2021-03-13 16:55:33 +01:00
|
|
|
if ($a_1 != 0xDEADF9F9 || $a_2 != 0xDEADF9F9 || $b ne 'abcdefg')
|
2021-03-12 19:00:01 +01:00
|
|
|
{
|
|
|
|
close($file); # ignore errors on close; we're exiting anyway
|
|
|
|
$node->clean_node;
|
2021-03-13 16:55:33 +01:00
|
|
|
plan skip_all =>
|
|
|
|
sprintf(
|
2023-03-22 13:48:54 +01:00
|
|
|
"Page layout of index %d differs from our expectations: expected (%x, %x, \"%s\"), got (%x, %x, \"%s\")", $tupidx,
|
2021-03-13 16:55:33 +01:00
|
|
|
0xDEADF9F9, 0xDEADF9F9, "abcdefg", $a_1, $a_2, $b);
|
2021-03-12 19:00:01 +01:00
|
|
|
exit;
|
|
|
|
}
|
2021-03-12 23:30:17 +01:00
|
|
|
|
|
|
|
# Determine endianness of current platform from the 1-byte varlena header
|
|
|
|
$ENDIANNESS = $tup->{b_header} == 0x11 ? "little" : "big";
|
2021-03-12 19:00:01 +01:00
|
|
|
}
|
|
|
|
close($file)
|
|
|
|
or BAIL_OUT("close failed: $!");
|
|
|
|
$node->start;
|
|
|
|
|
|
|
|
# Ok, Xids and page layout look ok. We can run corruption tests.
|
|
|
|
|
|
|
|
# Check that pg_amcheck runs against the uncorrupted table without error.
|
|
|
|
$node->command_ok(
|
|
|
|
[ 'pg_amcheck', '-p', $port, 'postgres' ],
|
|
|
|
'pg_amcheck test table, prior to corruption');
|
|
|
|
|
|
|
|
# Check that pg_amcheck runs against the uncorrupted table and index without error.
|
|
|
|
$node->command_ok([ 'pg_amcheck', '-p', $port, 'postgres' ],
|
|
|
|
'pg_amcheck test table and index, prior to corruption');
|
|
|
|
|
|
|
|
$node->stop;
|
|
|
|
|
|
|
|
# Some #define constants from access/htup_details.h for use while corrupting.
|
|
|
|
use constant HEAP_HASNULL => 0x0001;
|
|
|
|
use constant HEAP_XMAX_LOCK_ONLY => 0x0080;
|
|
|
|
use constant HEAP_XMIN_COMMITTED => 0x0100;
|
|
|
|
use constant HEAP_XMIN_INVALID => 0x0200;
|
|
|
|
use constant HEAP_XMAX_COMMITTED => 0x0400;
|
|
|
|
use constant HEAP_XMAX_INVALID => 0x0800;
|
|
|
|
use constant HEAP_NATTS_MASK => 0x07FF;
|
|
|
|
use constant HEAP_XMAX_IS_MULTI => 0x1000;
|
|
|
|
use constant HEAP_KEYS_UPDATED => 0x2000;
|
2023-03-22 13:48:54 +01:00
|
|
|
use constant HEAP_HOT_UPDATED => 0x4000;
|
|
|
|
use constant HEAP_ONLY_TUPLE => 0x8000;
|
|
|
|
use constant HEAP_UPDATED => 0x2000;
|
2021-03-12 19:00:01 +01:00
|
|
|
|
|
|
|
# Helper function to generate a regular expression matching the header we
|
|
|
|
# expect verify_heapam() to return given which fields we expect to be non-null.
|
|
|
|
sub header
|
|
|
|
{
|
|
|
|
my ($blkno, $offnum, $attnum) = @_;
|
|
|
|
return
|
2021-08-13 17:15:03 +02:00
|
|
|
qr/heap table "postgres\.public\.test", block $blkno, offset $offnum, attribute $attnum:\s+/ms
|
2021-03-12 19:00:01 +01:00
|
|
|
if (defined $attnum);
|
|
|
|
return
|
2021-08-13 17:15:03 +02:00
|
|
|
qr/heap table "postgres\.public\.test", block $blkno, offset $offnum:\s+/ms
|
2021-03-12 19:00:01 +01:00
|
|
|
if (defined $offnum);
|
2021-08-13 17:15:03 +02:00
|
|
|
return qr/heap table "postgres\.public\.test", block $blkno:\s+/ms
|
2021-03-12 19:00:01 +01:00
|
|
|
if (defined $blkno);
|
2021-08-13 17:15:03 +02:00
|
|
|
return qr/heap table "postgres\.public\.test":\s+/ms;
|
2021-03-12 19:00:01 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
# Corrupt the tuples, one type of corruption per tuple. Some types of
|
|
|
|
# corruption cause verify_heapam to skip to the next tuple without
|
|
|
|
# performing any remaining checks, so we can't exercise the system properly if
|
|
|
|
# we focus all our corruption on a single tuple.
|
|
|
|
#
|
|
|
|
my @expected;
|
|
|
|
open($file, '+<', $relpath)
|
|
|
|
or BAIL_OUT("open failed: $!");
|
|
|
|
binmode $file;
|
|
|
|
|
2023-03-12 00:41:47 +01:00
|
|
|
for (my $tupidx = 0; $tupidx < $ROWCOUNT; $tupidx++)
|
2021-03-12 19:00:01 +01:00
|
|
|
{
|
|
|
|
my $offnum = $tupidx + 1; # offnum is 1-based, not zero-based
|
|
|
|
my $offset = $lp_off[$tupidx];
|
|
|
|
my $header = header(0, $offnum, undef);
|
2023-03-22 13:48:54 +01:00
|
|
|
|
|
|
|
# Read tuple, if there is one.
|
|
|
|
my $tup = $offset == -1 ? undef : read_tuple($file, $offset);
|
|
|
|
|
2021-03-12 19:00:01 +01:00
|
|
|
if ($offnum == 1)
|
|
|
|
{
|
|
|
|
# Corruptly set xmin < relfrozenxid
|
|
|
|
my $xmin = $relfrozenxid - 1;
|
|
|
|
$tup->{t_xmin} = $xmin;
|
|
|
|
$tup->{t_infomask} &= ~HEAP_XMIN_COMMITTED;
|
|
|
|
$tup->{t_infomask} &= ~HEAP_XMIN_INVALID;
|
|
|
|
|
|
|
|
# Expected corruption report
|
|
|
|
push @expected,
|
|
|
|
qr/${header}xmin $xmin precedes relation freeze threshold 0:\d+/;
|
|
|
|
}
|
2023-03-22 13:48:54 +01:00
|
|
|
elsif ($offnum == 2)
|
2021-03-12 19:00:01 +01:00
|
|
|
{
|
|
|
|
# Corruptly set xmin < datfrozenxid
|
|
|
|
my $xmin = 3;
|
|
|
|
$tup->{t_xmin} = $xmin;
|
|
|
|
$tup->{t_infomask} &= ~HEAP_XMIN_COMMITTED;
|
|
|
|
$tup->{t_infomask} &= ~HEAP_XMIN_INVALID;
|
|
|
|
|
|
|
|
push @expected,
|
|
|
|
qr/${$header}xmin $xmin precedes oldest valid transaction ID 0:\d+/;
|
|
|
|
}
|
|
|
|
elsif ($offnum == 3)
|
|
|
|
{
|
|
|
|
# Corruptly set xmin < datfrozenxid, further back, noting circularity
|
2023-03-11 23:12:51 +01:00
|
|
|
# of xid comparison.
|
|
|
|
my $xmin = 4026531839;
|
|
|
|
$tup->{t_xmin} = $xmin;
|
2021-03-12 19:00:01 +01:00
|
|
|
$tup->{t_infomask} &= ~HEAP_XMIN_COMMITTED;
|
|
|
|
$tup->{t_infomask} &= ~HEAP_XMIN_INVALID;
|
|
|
|
|
|
|
|
push @expected,
|
2023-03-11 23:12:51 +01:00
|
|
|
qr/${$header}xmin ${xmin} precedes oldest valid transaction ID 0:\d+/;
|
2021-03-12 19:00:01 +01:00
|
|
|
}
|
|
|
|
elsif ($offnum == 4)
|
|
|
|
{
|
|
|
|
# Corruptly set xmax < relminmxid;
|
2023-03-11 23:12:51 +01:00
|
|
|
my $xmax = 4026531839;
|
|
|
|
$tup->{t_xmax} = $xmax;
|
2021-03-12 19:00:01 +01:00
|
|
|
$tup->{t_infomask} &= ~HEAP_XMAX_INVALID;
|
|
|
|
|
|
|
|
push @expected,
|
2023-03-11 23:12:51 +01:00
|
|
|
qr/${$header}xmax ${xmax} precedes oldest valid transaction ID 0:\d+/;
|
2021-03-12 19:00:01 +01:00
|
|
|
}
|
|
|
|
elsif ($offnum == 5)
|
|
|
|
{
|
|
|
|
# Corrupt the tuple t_hoff, but keep it aligned properly
|
|
|
|
$tup->{t_hoff} += 128;
|
|
|
|
|
|
|
|
push @expected,
|
|
|
|
qr/${$header}data begins at offset 152 beyond the tuple length 58/,
|
|
|
|
qr/${$header}tuple data should begin at byte 24, but actually begins at byte 152 \(3 attributes, no nulls\)/;
|
|
|
|
}
|
|
|
|
elsif ($offnum == 6)
|
|
|
|
{
|
|
|
|
# Corrupt the tuple t_hoff, wrong alignment
|
|
|
|
$tup->{t_hoff} += 3;
|
|
|
|
|
|
|
|
push @expected,
|
|
|
|
qr/${$header}tuple data should begin at byte 24, but actually begins at byte 27 \(3 attributes, no nulls\)/;
|
|
|
|
}
|
|
|
|
elsif ($offnum == 7)
|
|
|
|
{
|
|
|
|
# Corrupt the tuple t_hoff, underflow but correct alignment
|
|
|
|
$tup->{t_hoff} -= 8;
|
|
|
|
|
|
|
|
push @expected,
|
|
|
|
qr/${$header}tuple data should begin at byte 24, but actually begins at byte 16 \(3 attributes, no nulls\)/;
|
|
|
|
}
|
|
|
|
elsif ($offnum == 8)
|
|
|
|
{
|
|
|
|
# Corrupt the tuple t_hoff, underflow and wrong alignment
|
|
|
|
$tup->{t_hoff} -= 3;
|
|
|
|
|
|
|
|
push @expected,
|
|
|
|
qr/${$header}tuple data should begin at byte 24, but actually begins at byte 21 \(3 attributes, no nulls\)/;
|
|
|
|
}
|
|
|
|
elsif ($offnum == 9)
|
|
|
|
{
|
|
|
|
# Corrupt the tuple to look like it has lots of attributes, not just 3
|
|
|
|
$tup->{t_infomask2} |= HEAP_NATTS_MASK;
|
|
|
|
|
|
|
|
push @expected,
|
|
|
|
qr/${$header}number of attributes 2047 exceeds maximum expected for table 3/;
|
|
|
|
}
|
|
|
|
elsif ($offnum == 10)
|
|
|
|
{
|
|
|
|
# Corrupt the tuple to look like it has lots of attributes, some of
|
|
|
|
# them null. This falsely creates the impression that the t_bits
|
|
|
|
# array is longer than just one byte, but t_hoff still says otherwise.
|
|
|
|
$tup->{t_infomask} |= HEAP_HASNULL;
|
|
|
|
$tup->{t_infomask2} |= HEAP_NATTS_MASK;
|
|
|
|
$tup->{t_bits} = 0xAA;
|
|
|
|
|
|
|
|
push @expected,
|
|
|
|
qr/${$header}tuple data should begin at byte 280, but actually begins at byte 24 \(2047 attributes, has nulls\)/;
|
|
|
|
}
|
|
|
|
elsif ($offnum == 11)
|
|
|
|
{
|
|
|
|
# Same as above, but this time t_hoff plays along
|
|
|
|
$tup->{t_infomask} |= HEAP_HASNULL;
|
|
|
|
$tup->{t_infomask2} |= (HEAP_NATTS_MASK & 0x40);
|
|
|
|
$tup->{t_bits} = 0xAA;
|
|
|
|
$tup->{t_hoff} = 32;
|
|
|
|
|
|
|
|
push @expected,
|
|
|
|
qr/${$header}number of attributes 67 exceeds maximum expected for table 3/;
|
|
|
|
}
|
|
|
|
elsif ($offnum == 12)
|
|
|
|
{
|
2021-03-12 23:30:17 +01:00
|
|
|
# Overwrite column 'b' 1-byte varlena header and initial characters to
|
|
|
|
# look like a long 4-byte varlena
|
|
|
|
#
|
|
|
|
# On little endian machines, bytes ending in two zero bits (xxxxxx00 bytes)
|
|
|
|
# are 4-byte length word, aligned, uncompressed data (up to 1G). We set the
|
|
|
|
# high six bits to 111111 and the lower two bits to 00, then the next three
|
|
|
|
# bytes with 0xFF using 0xFCFFFFFF.
|
|
|
|
#
|
|
|
|
# On big endian machines, bytes starting in two zero bits (00xxxxxx bytes)
|
|
|
|
# are 4-byte length word, aligned, uncompressed data (up to 1G). We set the
|
|
|
|
# low six bits to 111111 and the high two bits to 00, then the next three
|
|
|
|
# bytes with 0xFF using 0x3FFFFFFF.
|
|
|
|
#
|
|
|
|
$tup->{b_header} = $ENDIANNESS eq 'little' ? 0xFC : 0x3F;
|
|
|
|
$tup->{b_body1} = 0xFF;
|
|
|
|
$tup->{b_body2} = 0xFF;
|
|
|
|
$tup->{b_body3} = 0xFF;
|
2021-03-12 19:00:01 +01:00
|
|
|
|
|
|
|
$header = header(0, $offnum, 1);
|
|
|
|
push @expected,
|
2021-04-14 18:46:31 +02:00
|
|
|
qr/${header}attribute with length \d+ ends at offset \d+ beyond total tuple length \d+/;
|
2021-03-12 19:00:01 +01:00
|
|
|
}
|
|
|
|
elsif ($offnum == 13)
|
|
|
|
{
|
|
|
|
# Corrupt the bits in column 'c' toast pointer
|
2021-03-12 23:30:17 +01:00
|
|
|
$tup->{c_va_valueid} = 0xFFFFFFFF;
|
2021-03-12 19:00:01 +01:00
|
|
|
|
|
|
|
$header = header(0, $offnum, 2);
|
2021-04-14 18:46:31 +02:00
|
|
|
push @expected, qr/${header}toast value \d+ not found in toast table/;
|
2021-03-12 19:00:01 +01:00
|
|
|
}
|
|
|
|
elsif ($offnum == 14)
|
|
|
|
{
|
|
|
|
# Set both HEAP_XMAX_COMMITTED and HEAP_XMAX_IS_MULTI
|
|
|
|
$tup->{t_infomask} |= HEAP_XMAX_COMMITTED;
|
|
|
|
$tup->{t_infomask} |= HEAP_XMAX_IS_MULTI;
|
|
|
|
$tup->{t_xmax} = 4;
|
|
|
|
|
|
|
|
push @expected,
|
|
|
|
qr/${header}multitransaction ID 4 equals or exceeds next valid multitransaction ID 1/;
|
|
|
|
}
|
2023-03-11 23:12:51 +01:00
|
|
|
elsif ($offnum == 15)
|
2021-03-12 19:00:01 +01:00
|
|
|
{
|
|
|
|
# Set both HEAP_XMAX_COMMITTED and HEAP_XMAX_IS_MULTI
|
|
|
|
$tup->{t_infomask} |= HEAP_XMAX_COMMITTED;
|
|
|
|
$tup->{t_infomask} |= HEAP_XMAX_IS_MULTI;
|
|
|
|
$tup->{t_xmax} = 4000000000;
|
|
|
|
|
|
|
|
push @expected,
|
|
|
|
qr/${header}multitransaction ID 4000000000 precedes relation minimum multitransaction ID threshold 1/;
|
|
|
|
}
|
2023-03-11 23:12:51 +01:00
|
|
|
elsif ($offnum == 16) # Last offnum must equal ROWCOUNT
|
|
|
|
{
|
|
|
|
# Corruptly set xmin > next_xid to be in the future.
|
|
|
|
my $xmin = 123456;
|
|
|
|
$tup->{t_xmin} = $xmin;
|
|
|
|
$tup->{t_infomask} &= ~HEAP_XMIN_COMMITTED;
|
|
|
|
$tup->{t_infomask} &= ~HEAP_XMIN_INVALID;
|
|
|
|
|
|
|
|
push @expected,
|
2023-03-12 00:41:47 +01:00
|
|
|
qr/${$header}xmin ${xmin} equals or exceeds next valid transaction ID 0:\d+/;
|
2023-03-11 23:12:51 +01:00
|
|
|
}
|
2023-03-22 13:48:54 +01:00
|
|
|
elsif ($offnum == 17)
|
|
|
|
{
|
|
|
|
# at offnum 19 we will unset HEAP_ONLY_TUPLE and HEAP_UPDATED flags.
|
|
|
|
die "offnum $offnum should be a redirect" if defined $tup;
|
|
|
|
push @expected,
|
|
|
|
qr/${header}redirected line pointer points to a non-heap-only tuple at offset \d+/;
|
|
|
|
push @expected,
|
|
|
|
qr/${header}redirected line pointer points to a non-heap-updated tuple at offset \d+/;
|
|
|
|
}
|
|
|
|
elsif ($offnum == 18)
|
|
|
|
{
|
|
|
|
# rewrite line pointer with lp_off = 17, lp_flags = 2, lp_len = 0.
|
|
|
|
die "offnum $offnum should be a redirect" if defined $tup;
|
|
|
|
sysseek($file, 92, 0) or BAIL_OUT("sysseek failed: $!");
|
|
|
|
syswrite($file,
|
|
|
|
pack("L", $ENDIANNESS eq 'little' ? 0x00010011 : 0x11000100))
|
|
|
|
or BAIL_OUT("syswrite failed: $!");
|
|
|
|
push @expected,
|
|
|
|
qr/${header}redirected line pointer points to another redirected line pointer at offset \d+/;
|
|
|
|
}
|
|
|
|
elsif ($offnum == 19)
|
|
|
|
{
|
|
|
|
# unset HEAP_ONLY_TUPLE and HEAP_UPDATED flag, so that update chain
|
|
|
|
# validation will complain about offset 17
|
|
|
|
$tup->{t_infomask2} &= ~HEAP_ONLY_TUPLE;
|
|
|
|
$tup->{t_infomask} &= ~HEAP_UPDATED;
|
|
|
|
}
|
|
|
|
elsif ($offnum == 22)
|
|
|
|
{
|
|
|
|
# rewrite line pointer with lp.off = 25, lp_flags = 2, lp_len = 0
|
|
|
|
sysseek($file, 108, 0) or BAIL_OUT("sysseek failed: $!");
|
|
|
|
syswrite($file,
|
|
|
|
pack("L", $ENDIANNESS eq 'little' ? 0x00010019 : 0x19000100))
|
|
|
|
or BAIL_OUT("syswrite failed: $!");
|
|
|
|
push @expected,
|
|
|
|
qr/${header}redirect line pointer points to offset \d+, but offset \d+ also points there/;
|
|
|
|
}
|
|
|
|
elsif ($offnum == 28)
|
|
|
|
{
|
|
|
|
$tup->{t_infomask2} &= ~HEAP_HOT_UPDATED;
|
|
|
|
push @expected,
|
|
|
|
qr/${header}non-heap-only update produced a heap-only tuple at offset \d+/;
|
|
|
|
|
|
|
|
# Save these values so we can insert them into the tuple at offnum 29.
|
|
|
|
$pred_xmax = $tup->{t_xmax};
|
|
|
|
$pred_posid = $tup->{ip_posid};
|
|
|
|
}
|
|
|
|
elsif ($offnum == 29)
|
|
|
|
{
|
|
|
|
# Copy these values from the tuple at offset 28.
|
|
|
|
$tup->{t_xmax} = $pred_xmax;
|
|
|
|
$tup->{ip_posid} = $pred_posid;
|
|
|
|
push @expected,
|
|
|
|
qr/${header}tuple points to new version at offset \d+, but offset \d+ also points there/;
|
|
|
|
}
|
|
|
|
elsif ($offnum == 30)
|
|
|
|
{
|
|
|
|
# Save xid, so we can insert into into tuple at offset 31.
|
|
|
|
$aborted_xid = $tup->{t_xmax};
|
|
|
|
}
|
|
|
|
elsif ($offnum == 31)
|
|
|
|
{
|
|
|
|
# Set xmin to xmax of tuple at offset 30.
|
|
|
|
$tup->{t_xmin} = $aborted_xid;
|
|
|
|
$tup->{t_infomask} &= ~HEAP_XMIN_COMMITTED;
|
|
|
|
push @expected,
|
|
|
|
qr/${header}tuple with aborted xmin \d+ was updated to produce a tuple at offset \d+ with committed xmin \d+/;
|
|
|
|
}
|
|
|
|
elsif ($offnum == 32)
|
|
|
|
{
|
|
|
|
$tup->{t_infomask2} |= HEAP_ONLY_TUPLE;
|
|
|
|
push @expected,
|
|
|
|
qr/${header}tuple is root of chain but is marked as heap-only tuple/;
|
|
|
|
}
|
|
|
|
elsif ($offnum == 33)
|
|
|
|
{
|
|
|
|
# Tuple at offset 40 is the successor of this one; we'll corrupt it to
|
|
|
|
# be non-heap-only.
|
|
|
|
push @expected,
|
|
|
|
qr/${header}heap-only update produced a non-heap only tuple at offset \d+/;
|
|
|
|
}
|
|
|
|
elsif ($offnum == 34)
|
|
|
|
{
|
|
|
|
$tup->{t_xmax} = 0;
|
|
|
|
push @expected,
|
|
|
|
qr/${header}tuple has been HOT updated, but xmax is 0/;
|
|
|
|
}
|
|
|
|
elsif ($offnum == 35)
|
|
|
|
{
|
|
|
|
$tup->{t_xmin} = $in_progress_xid;
|
|
|
|
$tup->{t_infomask} &= ~HEAP_XMIN_COMMITTED;
|
|
|
|
push @expected,
|
|
|
|
qr/${header}tuple with in-progress xmin \d+ was updated to produce a tuple at offset \d+ with committed xmin \d+/;
|
|
|
|
}
|
|
|
|
elsif ($offnum == 36)
|
|
|
|
{
|
|
|
|
# Tuple at offset 43 is the successor of this one; we'll corrupt it to
|
|
|
|
# have xmin = $in_progress_xid. By setting the xmax of this tuple to
|
|
|
|
# the same value, we make it look like an update chain with an
|
|
|
|
# in-progress XID following a committed one.
|
|
|
|
$tup->{t_xmin} = $aborted_xid;
|
|
|
|
$tup->{t_xmax} = $in_progress_xid;
|
|
|
|
$tup->{t_infomask} &= ~HEAP_XMIN_COMMITTED;
|
|
|
|
push @expected,
|
|
|
|
qr/${header}tuple with aborted xmin \d+ was updated to produce a tuple at offset \d+ with in-progress xmin \d+/;
|
|
|
|
}
|
|
|
|
elsif ($offnum == 40)
|
|
|
|
{
|
|
|
|
# Tuple at offset 33 is the predecessor of this one; the error will
|
|
|
|
# be reported there.
|
|
|
|
$tup->{t_infomask2} &= ~HEAP_ONLY_TUPLE;
|
|
|
|
}
|
|
|
|
elsif ($offnum == 43)
|
|
|
|
{
|
|
|
|
# Tuple at offset 36 is the predecessor of this one; the error will
|
|
|
|
# be reported there.
|
|
|
|
$tup->{t_xmin} = $in_progress_xid;
|
|
|
|
$tup->{t_infomask} &= ~HEAP_XMIN_COMMITTED;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
# The tests for update chain validation end up creating a bunch of
|
|
|
|
# tuples that aren't corrupted in any way e.g. because only one of
|
|
|
|
# the two tuples in the update chain needs to be corrupted for the
|
|
|
|
# test, or because one update chain is being made to erroneously
|
|
|
|
# point into the middle of another that has nothing wrong with it.
|
|
|
|
# In all such cases we need not write the tuple back to the file.
|
|
|
|
next;
|
|
|
|
}
|
|
|
|
|
|
|
|
write_tuple($file, $offset, $tup) if defined $tup;
|
2021-03-12 19:00:01 +01:00
|
|
|
}
|
|
|
|
close($file)
|
|
|
|
or BAIL_OUT("close failed: $!");
|
|
|
|
$node->start;
|
|
|
|
|
|
|
|
# Run pg_amcheck against the corrupt table with epoch=0, comparing actual
|
|
|
|
# corruption messages against the expected messages
|
|
|
|
$node->command_checks_all(
|
|
|
|
[ 'pg_amcheck', '--no-dependent-indexes', '-p', $port, 'postgres' ],
|
|
|
|
2, [@expected], [], 'Expected corruption message output');
|
2023-03-22 13:48:54 +01:00
|
|
|
$node->safe_psql(
|
|
|
|
'postgres', qq(
|
|
|
|
COMMIT PREPARED 'in_progress_tx';
|
|
|
|
));
|
2021-03-12 19:00:01 +01:00
|
|
|
|
|
|
|
$node->teardown_node;
|
|
|
|
$node->clean_node;
|
2022-02-11 20:54:44 +01:00
|
|
|
|
|
|
|
done_testing();
|