| blob | cfe8c5104b6535ce882b709cdd93a3735c743729 |
1 /*-------------------------------------------------------------------------
2 *
3 * catalog.c
4 * routines concerned with catalog naming conventions and other
5 * bits of hard-wired knowledge
6 *
7 *
8 * Portions Copyright (c) 1996-2024, PostgreSQL Global Development Group
9 * Portions Copyright (c) 1994, Regents of the University of California
10 *
11 *
12 * IDENTIFICATION
13 * src/backend/catalog/catalog.c
14 *
15 *-------------------------------------------------------------------------
16 */
20 #include <fcntl.h>
21 #include <unistd.h>
50 /*
51 * Parameters to determine when to emit a log message in
52 * GetNewOidWithIndex()
53 */
54 #define GETNEWOID_LOG_THRESHOLD 1000000
55 #define GETNEWOID_LOG_MAX_INTERVAL 128000000
57 /*
58 * IsSystemRelation
59 * True iff the relation is either a system catalog or a toast table.
60 * See IsCatalogRelation for the exact definition of a system catalog.
61 *
62 * We treat toast tables of user relations as "system relations" for
63 * protection purposes, e.g. you can't change their schemas without
64 * special permissions. Therefore, most uses of this function are
65 * checking whether allow_system_table_mods restrictions apply.
66 * For other purposes, consider whether you shouldn't be using
67 * IsCatalogRelation instead.
68 *
69 * This function does not perform any catalog accesses.
70 * Some callers rely on that!
71 */
72 bool
74 {
76 }
78 /*
79 * IsSystemClass
80 * Like the above, but takes a Form_pg_class as argument.
81 * Used when we do not want to open the relation and have to
82 * search pg_class directly.
83 */
84 bool
86 {
87 /* IsCatalogRelationOid is a bit faster, so test that first */
89 }
91 /*
92 * IsCatalogRelation
93 * True iff the relation is a system catalog.
94 *
95 * By a system catalog, we mean one that is created during the bootstrap
96 * phase of initdb. That includes not just the catalogs per se, but
97 * also their indexes, and TOAST tables and indexes if any.
98 *
99 * This function does not perform any catalog accesses.
100 * Some callers rely on that!
101 */
102 bool
104 {
106 }
108 /*
109 * IsCatalogRelationOid
110 * True iff the relation identified by this OID is a system catalog.
111 *
112 * By a system catalog, we mean one that is created during the bootstrap
113 * phase of initdb. That includes not just the catalogs per se, but
114 * also their indexes, and TOAST tables and indexes if any.
115 *
116 * This function does not perform any catalog accesses.
117 * Some callers rely on that!
118 */
119 bool
121 {
122 /*
123 * We consider a relation to be a system catalog if it has a pinned OID.
124 * This includes all the defined catalogs, their indexes, and their TOAST
125 * tables and indexes.
126 *
127 * This rule excludes the relations in information_schema, which are not
128 * integral to the system and can be treated the same as user relations.
129 * (Since it's valid to drop and recreate information_schema, any rule
130 * that did not act this way would be wrong.)
131 *
132 * This test is reliable since an OID wraparound will skip this range of
133 * OIDs; see GetNewObjectId().
134 */
136 }
138 /*
139 * IsInplaceUpdateRelation
140 * True iff core code performs inplace updates on the relation.
141 *
142 * This is used for assertions and for making the executor follow the
143 * locking protocol described at README.tuplock section "Locking to write
144 * inplace-updated tables". Extensions may inplace-update other heap
145 * tables, but concurrent SQL UPDATE on the same table may overwrite
146 * those modifications.
147 *
148 * The executor can assume these are not partitions or partitioned and
149 * have no triggers.
150 */
151 bool
153 {
155 }
157 /*
158 * IsInplaceUpdateOid
159 * Like the above, but takes an OID as argument.
160 */
161 bool
163 {
166 }
168 /*
169 * IsToastRelation
170 * True iff relation is a TOAST support relation (or index).
171 *
172 * Does not perform any catalog accesses.
173 */
174 bool
176 {
177 /*
178 * What we actually check is whether the relation belongs to a pg_toast
179 * namespace. This should be equivalent because of restrictions that are
180 * enforced elsewhere against creating user relations in, or moving
181 * relations into/out of, a pg_toast namespace. Notice also that this
182 * will not say "true" for toast tables belonging to other sessions' temp
183 * tables; we expect that other mechanisms will prevent access to those.
184 */
186 }
188 /*
189 * IsToastClass
190 * Like the above, but takes a Form_pg_class as argument.
191 * Used when we do not want to open the relation and have to
192 * search pg_class directly.
193 */
194 bool
196 {
200 }
202 /*
203 * IsCatalogNamespace
204 * True iff namespace is pg_catalog.
205 *
206 * Does not perform any catalog accesses.
207 *
208 * NOTE: the reason this isn't a macro is to avoid having to include
209 * catalog/pg_namespace.h in a lot of places.
210 */
211 bool
213 {
215 }
217 /*
218 * IsToastNamespace
219 * True iff namespace is pg_toast or my temporary-toast-table namespace.
220 *
221 * Does not perform any catalog accesses.
222 *
223 * Note: this will return false for temporary-toast-table namespaces belonging
224 * to other backends. Those are treated the same as other backends' regular
225 * temp table namespaces, and access is prevented where appropriate.
226 * If you need to check for those, you may be able to use isAnyTempNamespace,
227 * but beware that that does involve a catalog access.
228 */
229 bool
231 {
234 }
237 /*
238 * IsReservedName
239 * True iff name starts with the pg_ prefix.
240 *
241 * For some classes of objects, the prefix pg_ is reserved for
242 * system objects only. As of 8.0, this was only true for
243 * schema and tablespace names. With 9.6, this is also true
244 * for roles.
245 */
246 bool
248 {
249 /* ugly coding for speed */
253 }
256 /*
257 * IsSharedRelation
258 * Given the OID of a relation, determine whether it's supposed to be
259 * shared across an entire database cluster.
260 *
261 * In older releases, this had to be hard-wired so that we could compute the
262 * locktag for a relation and lock it before examining its catalog entry.
263 * Since we now have MVCC catalog access, the race conditions that made that
264 * a hard requirement are gone, so we could look at relaxing this restriction.
265 * However, if we scanned the pg_class entry to find relisshared, and only
266 * then locked the relation, pg_class could get updated in the meantime,
267 * forcing us to scan the relation again, which would definitely be complex
268 * and might have undesirable performance consequences. Fortunately, the set
269 * of shared relations is fairly static, so a hand-maintained list of their
270 * OIDs isn't completely impractical.
271 */
272 bool
274 {
275 /* These are the shared catalogs (look for BKI_SHARED_RELATION) */
288 /* These are their indexes */
311 /* These are their toast tables and toast indexes */
330 }
332 /*
333 * IsPinnedObject
334 * Given the class + OID identity of a database object, report whether
335 * it is "pinned", that is not droppable because the system requires it.
336 *
337 * We used to represent this explicitly in pg_depend, but that proved to be
338 * an undesirable amount of overhead, so now we rely on an OID range test.
339 */
340 bool
342 {
343 /*
344 * Objects with OIDs above FirstUnpinnedObjectId are never pinned. Since
345 * the OID generator skips this range when wrapping around, this check
346 * guarantees that user-defined objects are never considered pinned.
347 */
351 /*
352 * Large objects are never pinned. We need this special case because
353 * their OIDs can be user-assigned.
354 */
358 /*
359 * There are a few objects defined in the catalog .dat files that, as a
360 * matter of policy, we prefer not to treat as pinned. We used to handle
361 * that by excluding them from pg_depend, but it's just as easy to
362 * hard-wire their OIDs here. (If the user does indeed drop and recreate
363 * them, they'll have new but certainly-unpinned OIDs, so no problem.)
364 *
365 * Checking both classId and objectId is overkill, since OIDs below
366 * FirstGenbkiObjectId should be globally unique, but do it anyway for
367 * robustness.
368 */
370 /* the public namespace is not pinned */
375 /*
376 * Databases are never pinned. It might seem that it'd be prudent to pin
377 * at least template0; but we do this intentionally so that template0 and
378 * template1 can be rebuilt from each other, thus letting them serve as
379 * mutual backups (as long as you've not modified template1, anyway).
380 */
384 /*
385 * All other initdb-created objects are pinned. This is overkill (the
386 * system doesn't really depend on having every last weird datatype, for
387 * instance) but generating only the minimum required set of dependencies
388 * seems hard, and enforcing an accurate list would be much more expensive
389 * than the simple range test used here.
390 */
392 }
395 /*
396 * GetNewOidWithIndex
397 * Generate a new OID that is unique within the system relation.
398 *
399 * Since the OID is not immediately inserted into the table, there is a
400 * race condition here; but a problem could occur only if someone else
401 * managed to cycle through 2^32 OIDs and generate the same OID before we
402 * finish inserting our row. This seems unlikely to be a problem. Note
403 * that if we had to *commit* the row to end the race condition, the risk
404 * would be rather higher; therefore we use SnapshotAny in the test, so that
405 * we will see uncommitted rows. (We used to use SnapshotDirty, but that has
406 * the disadvantage that it ignores recently-deleted rows, creating a risk
407 * of transient conflicts for as long as our own MVCC snapshots think a
408 * recently-deleted row is live. The risk is far higher when selecting TOAST
409 * OIDs, because SnapshotToast considers dead rows as active indefinitely.)
410 *
411 * Note that we are effectively assuming that the table has a relatively small
412 * number of entries (much less than 2^32) and there aren't very long runs of
413 * consecutive existing OIDs. This is a mostly reasonable assumption for
414 * system catalogs.
415 *
416 * Caller must have a suitable lock on the relation.
417 */
418 Oid
420 {
421 Oid newOid;
422 SysScanDesc scan;
423 ScanKeyData key;
428 /* Only system relations are supported */
431 /* In bootstrap mode, we don't have any indexes to use */
435 /*
436 * We should never be asked to generate a new pg_type OID during
437 * pg_upgrade; doing so would risk collisions with the OIDs it wants to
438 * assign. Hitting this assert means there's some path where we failed to
439 * ensure that a type OID is determined by commands in the dump script.
440 */
443 /* Generate new OIDs until we find one not in the table */
444 do
445 {
451 oidcolumn,
455 /* see notes above about using SnapshotAny */
463 /*
464 * Log that we iterate more than GETNEWOID_LOG_THRESHOLD but have not
465 * yet found OID unused in the relation. Then repeat logging with
466 * exponentially increasing intervals until we iterate more than
467 * GETNEWOID_LOG_MAX_INTERVAL. Finally repeat logging every
468 * GETNEWOID_LOG_MAX_INTERVAL unless an unused OID is found. This
469 * logic is necessary not to fill up the server log with the similar
470 * messages.
471 */
473 {
477 errdetail_plural("OID candidates have been checked %llu time, but no unused OID has been found yet.",
479 retries,
482 /*
483 * Double the number of retries to do before logging next until it
484 * reaches GETNEWOID_LOG_MAX_INTERVAL.
485 */
488 else
490 }
492 retries++;
495 /*
496 * If at least one log message is emitted, also log the completion of OID
497 * assignment.
498 */
500 {
504 retries,
506 }
509 }
511 /*
512 * GetNewRelFileNumber
513 * Generate a new relfilenumber that is unique within the
514 * database of the given tablespace.
515 *
516 * If the relfilenumber will also be used as the relation's OID, pass the
517 * opened pg_class catalog, and this routine will guarantee that the result
518 * is also an unused OID within pg_class. If the result is to be used only
519 * as a relfilenumber for an existing relation, pass NULL for pg_class.
520 *
521 * As with GetNewOidWithIndex(), there is some theoretical risk of a race
522 * condition, but it doesn't seem worth worrying about.
523 *
524 * Note: we don't support using this in bootstrap mode. All relations
525 * created by bootstrap have preassigned OIDs, so there's no need.
526 */
527 RelFileNumber
529 {
530 RelFileLocatorBackend rlocator;
533 ProcNumber procNumber;
535 /*
536 * If we ever get here during pg_upgrade, there's something wrong; all
537 * relfilenumber assignments during a binary-upgrade run should be
538 * determined by commands in the dump script.
539 */
543 {
554 }
556 /* This logic should match RelationInitPhysicalAddr */
562 /*
563 * The relpath will vary based on the backend number, so we must
564 * initialize that properly here to make sure that any collisions based on
565 * filename are properly detected.
566 */
569 do
570 {
573 /* Generate the OID */
576 Anum_pg_class_oid);
577 else
580 /* Check for existing file of same name */
584 {
585 /* definite collision */
587 }
588 else
589 {
590 /*
591 * Here we have a little bit of a dilemma: if errno is something
592 * other than ENOENT, should we declare a collision and loop? In
593 * practice it seems best to go ahead regardless of the errno. If
594 * there is a colliding file we will get an smgr failure when we
595 * attempt to create the new relation file.
596 */
598 }
604 }
606 /*
607 * SQL callable interface for GetNewOidWithIndex(). Outside of initdb's
608 * direct insertions into catalog tables, and recovering from corruption, this
609 * should rarely be needed.
610 *
611 * Function is intentionally not documented in the user facing docs.
612 */
613 Datum
615 {
619 Relation rel;
620 Relation idx;
621 HeapTuple atttuple;
622 Form_pg_attribute attform;
623 AttrNumber attno;
624 Oid newoid;
626 /*
627 * As this function is not intended to be used during normal running, and
628 * only supports system catalogs (which require superuser permissions to
629 * modify), just checking for superuser ought to not obstruct valid
630 * usecases.
631 */
684 }
686 /*
687 * SQL callable interface for StopGeneratingPinnedObjectIds().
688 *
689 * This is only to be used by initdb, so it's intentionally not documented in
690 * the user facing docs.
691 */
692 Datum
694 {
695 /*
696 * Belt-and-suspenders check, since StopGeneratingPinnedObjectIds will
697 * fail anyway in non-single-user mode.
698 */
708 }