| blob | a6a4da326682f779011e92bb2c68ba8c49cf27f1 |
1 /*-------------------------------------------------------------------------
2 *
3 * snapbuild.c
4 *
5 * Infrastructure for building historic catalog snapshots based on contents
6 * of the WAL, for the purpose of decoding heapam.c style values in the
7 * WAL.
8 *
9 * NOTES:
10 *
11 * We build snapshots which can *only* be used to read catalog contents and we
12 * do so by reading and interpreting the WAL stream. The aim is to build a
13 * snapshot that behaves the same as a freshly taken MVCC snapshot would have
14 * at the time the XLogRecord was generated.
15 *
16 * To build the snapshots we reuse the infrastructure built for Hot
17 * Standby. The in-memory snapshots we build look different than HS' because
18 * we have different needs. To successfully decode data from the WAL we only
19 * need to access catalog tables and (sys|rel|cat)cache, not the actual user
20 * tables since the data we decode is wholly contained in the WAL
21 * records. Also, our snapshots need to be different in comparison to normal
22 * MVCC ones because in contrast to those we cannot fully rely on the clog and
23 * pg_subtrans for information about committed transactions because they might
24 * commit in the future from the POV of the WAL entry we're currently
25 * decoding. This definition has the advantage that we only need to prevent
26 * removal of catalog rows, while normal table's rows can still be
27 * removed. This is achieved by using the replication slot mechanism.
28 *
29 * As the percentage of transactions modifying the catalog normally is fairly
30 * small in comparisons to ones only manipulating user data, we keep track of
31 * the committed catalog modifying ones inside [xmin, xmax) instead of keeping
32 * track of all running transactions like it's done in a normal snapshot. Note
33 * that we're generally only looking at transactions that have acquired an
34 * xid. That is we keep a list of transactions between snapshot->(xmin, xmax)
35 * that we consider committed, everything else is considered aborted/in
36 * progress. That also allows us not to care about subtransactions before they
37 * have committed which means this module, in contrast to HS, doesn't have to
38 * care about suboverflowed subtransactions and similar.
39 *
40 * One complexity of doing this is that to e.g. handle mixed DDL/DML
41 * transactions we need Snapshots that see intermediate versions of the
42 * catalog in a transaction. During normal operation this is achieved by using
43 * CommandIds/cmin/cmax. The problem with that however is that for space
44 * efficiency reasons, the cmin and cmax are not included in WAL records. We
45 * cannot read the cmin/cmax from the tuple itself, either, because it is
46 * reset on crash recovery. Even if we could, we could not decode combocids
47 * which are only tracked in the original backend's memory. To work around
48 * that, heapam writes an extra WAL record (XLOG_HEAP2_NEW_CID) every time a
49 * catalog row is modified, which includes the cmin and cmax of the
50 * tuple. During decoding, we insert the ctid->(cmin,cmax) mappings into the
51 * reorder buffer, and use them at visibility checks instead of the cmin/cmax
52 * on the tuple itself. Check the reorderbuffer.c's comment above
53 * ResolveCminCmaxDuringDecoding() for details.
54 *
55 * To facilitate all this we need our own visibility routine, as the normal
56 * ones are optimized for different usecases.
57 *
58 * To replace the normal catalog snapshots with decoding ones use the
59 * SetupHistoricSnapshot() and TeardownHistoricSnapshot() functions.
60 *
61 *
62 *
63 * The snapbuild machinery is starting up in several stages, as illustrated
64 * by the following graph describing the SnapBuild->state transitions:
65 *
66 * +-------------------------+
67 * +----| START |-------------+
68 * | +-------------------------+ |
69 * | | |
70 * | | |
71 * | running_xacts #1 |
72 * | | |
73 * | | |
74 * | v |
75 * | +-------------------------+ v
76 * | | BUILDING_SNAPSHOT |------------>|
77 * | +-------------------------+ |
78 * | | |
79 * | | |
80 * | running_xacts #2, xacts from #1 finished |
81 * | | |
82 * | | |
83 * | v |
84 * | +-------------------------+ v
85 * | | FULL_SNAPSHOT |------------>|
86 * | +-------------------------+ |
87 * | | |
88 * running_xacts | saved snapshot
89 * with zero xacts | at running_xacts's lsn
90 * | | |
91 * | running_xacts with xacts from #2 finished |
92 * | | |
93 * | v |
94 * | +-------------------------+ |
95 * +--->|SNAPBUILD_CONSISTENT |<------------+
96 * +-------------------------+
97 *
98 * Initially the machinery is in the START stage. When an xl_running_xacts
99 * record is read that is sufficiently new (above the safe xmin horizon),
100 * there's a state transition. If there were no running xacts when the
101 * xl_running_xacts record was generated, we'll directly go into CONSISTENT
102 * state, otherwise we'll switch to the BUILDING_SNAPSHOT state. Having a full
103 * snapshot means that all transactions that start henceforth can be decoded
104 * in their entirety, but transactions that started previously can't. In
105 * FULL_SNAPSHOT we'll switch into CONSISTENT once all those previously
106 * running transactions have committed or aborted.
107 *
108 * Only transactions that commit after CONSISTENT state has been reached will
109 * be replayed, even though they might have started while still in
110 * FULL_SNAPSHOT. That ensures that we'll reach a point where no previous
111 * changes has been exported, but all the following ones will be. That point
112 * is a convenient point to initialize replication from, which is why we
113 * export a snapshot at that point, which *can* be used to read normal data.
114 *
115 * Copyright (c) 2012-2024, PostgreSQL Global Development Group
116 *
117 * IDENTIFICATION
118 * src/backend/replication/logical/snapbuild.c
119 *
120 *-------------------------------------------------------------------------
121 */
125 #include <sys/stat.h>
126 #include <unistd.h>
147 /*
148 * Starting a transaction -- which we need to do while exporting a snapshot --
149 * removes knowledge about the previously used resowner, so we save it here.
150 */
154 /* ->committed and ->catchange manipulation */
157 /* snapshot building/manipulation/distribution functions */
167 uint32 xinfo);
169 /* xlog reading helper functions for SnapBuildProcessRunningXacts */
170 static bool SnapBuildFindSnapshot(SnapBuild *builder, XLogRecPtr lsn, xl_running_xacts *running);
173 /* serialization functions */
178 /*
179 * Allocate a new snapshot builder.
180 *
181 * xmin_horizon is the xid >= which we can be sure no catalog rows have been
182 * removed, start_lsn is the LSN >= we want to replay commits.
183 */
184 SnapBuild *
186 TransactionId xmin_horizon,
187 XLogRecPtr start_lsn,
190 XLogRecPtr two_phase_at)
191 {
192 MemoryContext context;
193 MemoryContext oldcontext;
196 /* allocate memory in own context, to have better accountability */
199 ALLOCSET_DEFAULT_SIZES);
207 /* Other struct members initialized by zeroing via palloc0 above */
227 }
229 /*
230 * Free a snapshot builder.
231 */
232 void
234 {
237 /* free snapshot explicitly, that contains some error checking */
239 {
242 }
244 /* other resources are deallocated via memory context reset */
246 }
248 /*
249 * Free an unreferenced snapshot that has previously been built by us.
250 */
251 static void
253 {
254 /* make sure we don't get passed an external snapshot */
257 /* make sure nobody modified our snapshot */
263 /* slightly more likely, so it's checked even without c-asserts */
271 }
273 /*
274 * In which state of snapshot building are we?
275 */
276 SnapBuildState
278 {
280 }
282 /*
283 * Return the LSN at which the two-phase decoding was first enabled.
284 */
285 XLogRecPtr
287 {
289 }
291 /*
292 * Set the LSN at which two-phase decoding is enabled.
293 */
294 void
296 {
298 }
300 /*
301 * Should the contents of transaction ending at 'ptr' be decoded?
302 */
303 bool
305 {
307 }
309 /*
310 * Increase refcount of a snapshot.
311 *
312 * This is used when handing out a snapshot to some external resource or when
313 * adding a Snapshot as builder->snapshot.
314 */
315 static void
317 {
319 }
321 /*
322 * Decrease refcount of a snapshot and free if the refcount reaches zero.
323 *
324 * Externally visible, so that external resources that have been handed an
325 * IncRef'ed Snapshot can adjust its refcount easily.
326 */
327 void
329 {
330 /* make sure we don't get passed an external snapshot */
333 /* make sure nobody modified our snapshot */
342 /* slightly more likely, so it's checked even without casserts */
349 }
351 /*
352 * Build a new snapshot, based on currently committed catalog-modifying
353 * transactions.
354 *
355 * In-progress transactions with catalog access are *not* allowed to modify
356 * these snapshots; they have to copy them and fill in appropriate ->curcid
357 * and ->subxip/subxcnt values.
358 */
359 static Snapshot
361 {
362 Snapshot snapshot;
363 Size ssize;
375 /*
376 * We misuse the original meaning of SnapshotData's xip and subxip fields
377 * to make the more fitting for our needs.
378 *
379 * In the 'xip' array we store transactions that have to be treated as
380 * committed. Since we will only ever look at tuples from transactions
381 * that have modified the catalog it's more efficient to store those few
382 * that exist between xmin and xmax (frequently there are none).
383 *
384 * Snapshots that are used in transactions that have modified the catalog
385 * also use the 'subxip' array to store their toplevel xid and all the
386 * subtransaction xids so we can recognize when we need to treat rows as
387 * visible that are not in xip but still need to be visible. Subxip only
388 * gets filled when the transaction is copied into the context of a
389 * catalog modifying transaction since we otherwise share a snapshot
390 * between transactions. As long as a txn hasn't modified the catalog it
391 * doesn't need to treat any uncommitted rows as visible, so there is no
392 * need for those xids.
393 *
394 * Both arrays are qsort'ed so that we can use bsearch() on them.
395 */
402 /* store all transactions to be treated as committed by this snapshot */
410 /* sort so we can bsearch() */
413 /*
414 * Initially, subxip is empty, i.e. it's a snapshot to be used by
415 * transactions that don't modify the catalog. Will be filled by
416 * ReorderBufferCopySnap() if necessary.
417 */
430 }
432 /*
433 * Build the initial slot snapshot and convert it to a normal snapshot that
434 * is understood by HeapTupleSatisfiesMVCC.
435 *
436 * The snapshot will be usable directly in current transaction or exported
437 * for loading in different transaction.
438 */
439 Snapshot
441 {
442 Snapshot snap;
443 TransactionId xid;
444 TransactionId safeXid;
451 /* don't allow older snapshots */
461 elog(ERROR, "cannot build an initial slot snapshot, not all transactions are monitored anymore");
463 /* so we don't overwrite the existing value */
469 /*
470 * We know that snap->xmin is alive, enforced by the logical xmin
471 * mechanism. Due to that we can do this without locks, we're only
472 * changing our own value.
473 *
474 * Building an initial snapshot is expensive and an unenforced xmin
475 * horizon would have bad consequences, therefore always double-check that
476 * the horizon is enforced.
477 */
483 elog(ERROR, "cannot build an initial slot snapshot as oldest safe xid %u follows snapshot's xmin %u",
488 /* allocate in transaction context */
492 /*
493 * snapbuild.c builds transactions in an "inverted" manner, which means it
494 * stores committed transactions in ->xip, not ones in progress. Build a
495 * classical snapshot by marking all non-committed transactions as
496 * in-progress. This can be expensive.
497 */
499 {
502 /*
503 * Check whether transaction committed using the decoding snapshot
504 * meaning of ->xip.
505 */
510 {
517 }
520 }
522 /* adjust remaining snapshot fields as needed */
528 }
530 /*
531 * Export a snapshot so it can be set in another session with SET TRANSACTION
532 * SNAPSHOT.
533 *
534 * For that we need to start a transaction in the current backend as the
535 * importing side checks whether the source transaction is still open to make
536 * sure the xmin horizon hasn't advanced since then.
537 */
540 {
541 Snapshot snap;
555 /* There doesn't seem to a nice API to set these */
561 /*
562 * now that we've built a plain snapshot, make it active and use the
563 * normal mechanisms for exporting it
564 */
573 }
575 /*
576 * Ensure there is a snapshot and if not build one for current transaction.
577 */
578 Snapshot
580 {
583 /* only build a new snapshot if we don't have a prebuilt one */
585 {
587 /* increase refcount for the snapshot builder */
589 }
592 }
594 /*
595 * Reset a previously SnapBuildExportSnapshot()'ed snapshot if there is
596 * any. Aborts the previously started transaction and resets the resource
597 * owner back to its original value.
598 */
599 void
601 {
602 ResourceOwner tmpResOwner;
604 /* nothing exported, that is the usual case */
611 /*
612 * AbortCurrentTransaction() takes care of resetting the snapshot state,
613 * so remember SavedResourceOwnerDuringExport.
614 */
617 /* make sure nothing could have ever happened */
621 }
623 /*
624 * Clear snapshot export state during transaction abort.
625 */
626 void
628 {
631 }
633 /*
634 * Handle the effects of a single heap change, appropriate to the current state
635 * of the snapshot builder and returns whether changes made at (xid, lsn) can
636 * be decoded.
637 */
638 bool
640 {
641 /*
642 * We can't handle data in transactions if we haven't built a snapshot
643 * yet, so don't store them.
644 */
648 /*
649 * No point in keeping track of changes in transactions that we don't have
650 * enough information about to decode. This means that they started before
651 * we got into the SNAPBUILD_FULL_SNAPSHOT state.
652 */
657 /*
658 * If the reorderbuffer doesn't yet have a snapshot, add one now, it will
659 * be needed to decode the change we're currently processing.
660 */
662 {
663 /* only build a new snapshot if we don't have a prebuilt one */
665 {
667 /* increase refcount for the snapshot builder */
669 }
671 /*
672 * Increase refcount for the transaction we're handing the snapshot
673 * out to.
674 */
678 }
681 }
683 /*
684 * Do CommandId/combo CID handling after reading an xl_heap_new_cid record.
685 * This implies that a transaction has done some form of write to system
686 * catalogs.
687 */
688 void
691 {
692 CommandId cid;
694 /*
695 * we only log new_cid's if a catalog tuple was modified, so mark the
696 * transaction as containing catalog modifications
697 */
705 /* figure out new command id */
713 else
714 {
717 }
720 }
722 /*
723 * Add a new Snapshot to all transactions we're decoding that currently are
724 * in-progress so they can see new catalog contents made by the transaction
725 * that just committed. This is necessary because those in-progress
726 * transactions will use the new catalog's contents from here on (at the very
727 * least everything they do needs to be compatible with newer catalog
728 * contents).
729 */
730 static void
732 {
733 dlist_iter txn_i;
736 /*
737 * Iterate through all toplevel transactions. This can include
738 * subtransactions which we just don't yet know to be that, but that's
739 * fine, they will just get an unnecessary snapshot queued.
740 */
742 {
747 /*
748 * If we don't have a base snapshot yet, there are no changes in this
749 * transaction which in turn implies we don't yet need a snapshot at
750 * all. We'll add a snapshot when the first change gets queued.
751 *
752 * NB: This works correctly even for subtransactions because
753 * ReorderBufferAssignChild() takes care to transfer the base snapshot
754 * to the top-level transaction, and while iterating the changequeue
755 * we'll get the change from the subtxn.
756 */
760 /*
761 * We don't need to add snapshot to prepared transactions as they
762 * should not see the new catalog contents.
763 */
770 /*
771 * increase the snapshot's refcount for the transaction we are handing
772 * it out to
773 */
777 }
778 }
780 /*
781 * Keep track of a new catalog changing transaction that has committed.
782 */
783 static void
785 {
789 {
797 }
799 /*
800 * TODO: It might make sense to keep the array sorted here instead of
801 * doing it every time we build a new snapshot. On the other hand this
802 * gets called repeatedly when a transaction with subtransactions commits.
803 */
805 }
807 /*
808 * Remove knowledge about transactions we treat as committed or containing catalog
809 * changes that are smaller than ->xmin. Those won't ever get checked via
810 * the ->committed or ->catchange array, respectively. The committed xids will
811 * get checked via the clog machinery.
812 *
813 * We can ideally remove the transaction from catchange array once it is
814 * finished (committed/aborted) but that could be costly as we need to maintain
815 * the xids order in the array.
816 */
817 static void
819 {
824 /* not ready yet */
828 /* TODO: Neater algorithm than just copying and iterating? */
829 workspace =
833 /* copy xids that still are interesting to workspace */
835 {
839 else
841 }
843 /* copy workspace back to persistent state */
854 /*
855 * Purge xids in ->catchange as well. The purged array must also be sorted
856 * in xidComparator order.
857 */
859 {
860 /*
861 * Since catchange.xip is sorted, we find the lower bound of xids that
862 * are still interesting.
863 */
865 {
869 }
874 {
877 }
878 else
879 {
882 }
888 }
889 }
891 /*
892 * Handle everything that needs to be done when a transaction commits
893 */
894 void
897 {
906 /*
907 * Transactions preceding BUILDING_SNAPSHOT will neither be decoded, nor
908 * will they be part of a snapshot. So we don't need to record anything.
909 */
913 {
914 /* ensure that only commits after this are getting replayed */
918 }
921 {
922 /* ensure that only commits after this are getting replayed */
926 /*
927 * If building an exportable snapshot, force xid to be tracked, even
928 * if the transaction didn't modify the catalog.
929 */
931 {
933 }
934 }
937 {
940 /*
941 * Add subtransaction to base snapshot if catalog modifying, we don't
942 * distinguish to toplevel transactions there.
943 */
945 {
956 }
958 /*
959 * If we're forcing timetravel we also need visibility information
960 * about subtransaction, so keep track of subtransaction's state, even
961 * if not catalog modifying. Don't need to distribute a snapshot in
962 * that case.
963 */
965 {
969 }
970 }
972 /* if top-level modified catalog, it'll need a snapshot */
974 {
976 xid);
980 }
982 {
983 /* track toplevel txn as well, subxact alone isn't meaningful */
985 xid);
988 }
990 {
994 }
997 {
998 /* record that we cannot export a general snapshot anymore */
1000 }
1004 /*
1005 * Adjust xmax of the snapshot builder, we only do that for committed,
1006 * catalog modifying, transactions, everything else isn't interesting for
1007 * us since we'll never look at the respective rows.
1008 */
1012 {
1015 }
1017 /* if there's any reason to build a historic snapshot, do so now */
1019 {
1020 /*
1021 * If we haven't built a complete snapshot yet there's no need to hand
1022 * it out, it wouldn't (and couldn't) be used anyway.
1023 */
1027 /*
1028 * Decrease the snapshot builder's refcount of the old snapshot, note
1029 * that it still will be used if it has been handed out to the
1030 * reorderbuffer earlier.
1031 */
1037 /* we might need to execute invalidations, add snapshot */
1039 {
1043 }
1045 /* refcount of the snapshot builder for the new snapshot */
1048 /* add a new catalog snapshot to all currently running transactions */
1050 }
1051 }
1053 /*
1054 * Check the reorder buffer and the snapshot to see if the given transaction has
1055 * modified catalogs.
1056 */
1059 uint32 xinfo)
1060 {
1064 /*
1065 * The transactions that have changed catalogs must have invalidation
1066 * info.
1067 */
1071 /* Check the catchange XID array */
1075 }
1077 /* -----------------------------------
1078 * Snapshot building functions dealing with xlog records
1079 * -----------------------------------
1080 */
1082 /*
1083 * Process a running xacts record, and use its information to first build a
1084 * historic snapshot and later to release resources that aren't needed
1085 * anymore.
1086 */
1087 void
1089 {
1091 TransactionId xmin;
1093 /*
1094 * If we're not consistent yet, inspect the record to see whether it
1095 * allows to get closer to being consistent. If we are consistent, dump
1096 * our snapshot so others or we, after a restart, can use it.
1097 */
1099 {
1100 /* returns false if there's no point in performing cleanup just yet */
1103 }
1104 else
1107 /*
1108 * Update range of interesting xids based on the running xacts
1109 * information. We don't increase ->xmax using it, because once we are in
1110 * a consistent state we can do that ourselves and much more efficiently
1111 * so, because we only need to do it for catalog transactions since we
1112 * only ever look at those.
1113 *
1114 * NB: We only increase xmax when a catalog modifying transaction commits
1115 * (see SnapBuildCommitTxn). Because of this, xmax can be lower than
1116 * xmin, which looks odd but is correct and actually more efficient, since
1117 * we hit fast paths in heapam_visibility.c.
1118 */
1121 /* Remove transactions we don't need to keep track off anymore */
1124 /*
1125 * Advance the xmin limit for the current replication slot, to allow
1126 * vacuum to clean up the tuples this slot has been protecting.
1127 *
1128 * The reorderbuffer might have an xmin among the currently running
1129 * snapshots; use it if so. If not, we need only consider the snapshots
1130 * we'll produce later, which can't be less than the oldest running xid in
1131 * the record we're reading now.
1132 */
1140 /*
1141 * Also tell the slot where we can restart decoding from. We don't want to
1142 * do that after every commit because changing that implies an fsync of
1143 * the logical slot's state file, so we only do it every time we see a
1144 * running xacts record.
1145 *
1146 * Do so by looking for the oldest in progress transaction (determined by
1147 * the first LSN of any of its relevant records). Every transaction
1148 * remembers the last location we stored the snapshot to disk before its
1149 * beginning. That point is where we can restart from.
1150 */
1152 /*
1153 * Can't know about a serialized snapshot's location if we're not
1154 * consistent.
1155 */
1161 /*
1162 * oldest ongoing txn might have started when we didn't yet serialize
1163 * anything because we hadn't reached a consistent state yet.
1164 */
1168 /*
1169 * No in-progress transaction, can reuse the last serialized snapshot if
1170 * we have one.
1171 */
1177 }
1180 /*
1181 * Build the start of a snapshot that's capable of decoding the catalog.
1182 *
1183 * Helper function for SnapBuildProcessRunningXacts() while we're not yet
1184 * consistent.
1185 *
1186 * Returns true if there is a point in performing internal maintenance/cleanup
1187 * using the xl_running_xacts record.
1188 */
1189 static bool
1191 {
1192 /* ---
1193 * Build catalog decoding snapshot incrementally using information about
1194 * the currently running transactions. There are several ways to do that:
1195 *
1196 * a) There were no running transactions when the xl_running_xacts record
1197 * was inserted, jump to CONSISTENT immediately. We might find such a
1198 * state while waiting on c)'s sub-states.
1199 *
1200 * b) This (in a previous run) or another decoding slot serialized a
1201 * snapshot to disk that we can use. Can't use this method while finding
1202 * the start point for decoding changes as the restart LSN would be an
1203 * arbitrary LSN but we need to find the start point to extract changes
1204 * where we won't see the data for partial transactions. Also, we cannot
1205 * use this method when a slot needs a full snapshot for export or direct
1206 * use, as that snapshot will only contain catalog modifying transactions.
1207 *
1208 * c) First incrementally build a snapshot for catalog tuples
1209 * (BUILDING_SNAPSHOT), that requires all, already in-progress,
1210 * transactions to finish. Every transaction starting after that
1211 * (FULL_SNAPSHOT state), has enough information to be decoded. But
1212 * for older running transactions no viable snapshot exists yet, so
1213 * CONSISTENT will only be reached once all of those have finished.
1214 * ---
1215 */
1217 /*
1218 * xl_running_xacts record is older than what we can use, we might not
1219 * have all necessary catalog rows anymore.
1220 */
1224 {
1226 (errmsg_internal("skipping snapshot at %X/%X while building logical decoding snapshot, xmin horizon too low",
1235 }
1237 /*
1238 * a) No transaction were running, we can jump to consistent.
1239 *
1240 * This is not affected by races around xl_running_xacts, because we can
1241 * miss transaction commits, but currently not transactions starting.
1242 *
1243 * NB: We might have already started to incrementally assemble a snapshot,
1244 * so we need to be careful to deal with that.
1245 */
1247 {
1250 /* can decode everything after this */
1253 /* As no transactions were running xmin/xmax can be trivially set. */
1257 /* so we can safely use the faster comparisons */
1270 }
1272 /*
1273 * b) valid on disk state and while neither building full snapshot nor
1274 * creating a slot.
1275 */
1279 {
1280 /* there won't be any state to cleanup */
1282 }
1284 /*
1285 * c) transition from START to BUILDING_SNAPSHOT.
1286 *
1287 * In START state, and a xl_running_xacts record with running xacts is
1288 * encountered. In that case, switch to BUILDING_SNAPSHOT state, and
1289 * record xl_running_xacts->nextXid. Once all running xacts have finished
1290 * (i.e. they're all >= nextXid), we have a complete catalog snapshot. It
1291 * might look that we could use xl_running_xacts's ->xids information to
1292 * get there quicker, but that is problematic because transactions marked
1293 * as running, might already have inserted their commit record - it's
1294 * infeasible to change that with locking.
1295 */
1297 {
1301 /*
1302 * Start with an xmin/xmax that's correct for future, when all the
1303 * currently running transactions have finished. We'll update both
1304 * while waiting for the pending transactions to finish.
1305 */
1309 /* so we can safely use the faster comparisons */
1320 }
1322 /*
1323 * c) transition from BUILDING_SNAPSHOT to FULL_SNAPSHOT.
1324 *
1325 * In BUILDING_SNAPSHOT state, and this xl_running_xacts' oldestRunningXid
1326 * is >= than nextXid from when we switched to BUILDING_SNAPSHOT. This
1327 * means all transactions starting afterwards have enough information to
1328 * be decoded. Switch to FULL_SNAPSHOT.
1329 */
1333 {
1344 }
1346 /*
1347 * c) transition from FULL_SNAPSHOT to CONSISTENT.
1348 *
1349 * In FULL_SNAPSHOT state, and this xl_running_xacts' oldestRunningXid is
1350 * >= than nextXid from when we switched to FULL_SNAPSHOT. This means all
1351 * transactions that are currently in progress have a catalog snapshot,
1352 * and all their changes have been collected. Switch to CONSISTENT.
1353 */
1357 {
1365 }
1367 /*
1368 * We already started to track running xacts and need to wait for all
1369 * in-progress ones to finish. We fall through to the normal processing of
1370 * records so incremental cleanup can be performed.
1371 */
1373 }
1375 /* ---
1376 * Iterate through xids in record, wait for all older than the cutoff to
1377 * finish. Then, if possible, log a new xl_running_xacts record.
1378 *
1379 * This isn't required for the correctness of decoding, but to:
1380 * a) allow isolationtester to notice that we're currently waiting for
1381 * something.
1382 * b) log a new xl_running_xacts record where it'd be helpful, without having
1383 * to wait for bgwriter or checkpointer.
1384 * ---
1385 */
1386 static void
1388 {
1392 {
1395 /*
1396 * Upper layers should prevent that we ever need to wait on ourselves.
1397 * Check anyway, since failing to do so would either result in an
1398 * endless wait or an Assert() failure.
1399 */
1407 }
1409 /*
1410 * All transactions we needed to finish finished - try to ensure there is
1411 * another xl_running_xacts record in a timely manner, without having to
1412 * wait for bgwriter or checkpointer to log one. During recovery we can't
1413 * enforce that, so we'll have to wait.
1414 */
1416 {
1418 }
1419 }
1421 #define SnapBuildOnDiskConstantSize \
1422 offsetof(SnapBuildOnDisk, builder)
1423 #define SnapBuildOnDiskNotChecksummedSize \
1424 offsetof(SnapBuildOnDisk, version)
1426 #define SNAPBUILD_MAGIC 0x51A1E001
1427 #define SNAPBUILD_VERSION 6
1429 /*
1430 * Store/Load a snapshot from disk, depending on the snapshot builder's state.
1431 *
1432 * Supposed to be used by external (i.e. not snapbuild.c) code that just read
1433 * a record that's a potential location for a serialized snapshot.
1434 */
1435 void
1437 {
1440 else
1442 }
1444 /*
1445 * Serialize the snapshot 'builder' at the location 'lsn' if it hasn't already
1446 * been done by another decoding process.
1447 */
1448 static void
1450 {
1451 Size needed_length;
1454 MemoryContext old_ctx;
1462 Size sz;
1468 /*
1469 * no point in serializing if we cannot continue to work immediately after
1470 * restoring the snapshot
1471 */
1475 /* consistent snapshots have no next phase */
1478 /*
1479 * We identify snapshots by the LSN they are valid for. We don't need to
1480 * include timelines in the name as each LSN maps to exactly one timeline
1481 * unless the user used pg_resetwal or similar. If a user did so, there's
1482 * no hope continuing to decode anyway.
1483 */
1485 PG_LOGICAL_SNAPSHOTS_DIR,
1488 /*
1489 * first check whether some other backend already has written the snapshot
1490 * for this LSN. It's perfectly fine if there's none, so we accept ENOENT
1491 * as a valid state. Everything else is an unexpected error.
1492 */
1501 {
1502 /*
1503 * somebody else has already serialized to this point, don't overwrite
1504 * but remember location, so we don't need to read old data again.
1505 *
1506 * To be sure it has been synced to disk after the rename() from the
1507 * tempfile filename to the real filename, we just repeat the fsync.
1508 * That ought to be cheap because in most scenarios it should already
1509 * be safely on disk.
1510 */
1516 }
1518 /*
1519 * there is an obvious race condition here between the time we stat(2) the
1520 * file and us writing the file. But we rename the file into place
1521 * atomically and all files created need to contain the same data anyway,
1522 * so this is perfectly fine, although a bit of a resource waste. Locking
1523 * seems like pointless complication.
1524 */
1527 /* to make sure only we will write to this tempfile, include pid */
1529 PG_LOGICAL_SNAPSHOTS_DIR,
1532 /*
1533 * Unlink temporary file if it already exists, needs to have been before a
1534 * crash/error since we won't enter this function twice from within a
1535 * single decoding slot/backend and the temporary file contains the pid of
1536 * the current process.
1537 */
1545 /* Get the catalog modifying transactions that are yet not committed */
1564 /* NULL-ify memory-only data */
1570 /* update catchange only on disk data */
1577 /* copy committed xacts */
1579 {
1584 }
1586 /* copy catalog modifying xacts */
1588 {
1593 }
1597 /* we have valid data now, open tempfile and write it there */
1608 {
1613 /* if write didn't set errno, assume problem is no disk space */
1618 }
1621 /*
1622 * fsync the file before renaming so that even if we crash after this we
1623 * have either a fully valid file or nothing.
1624 *
1625 * It's safe to just ERROR on fsync() here because we'll retry the whole
1626 * operation including the writes.
1627 *
1628 * TODO: Do the fsync() via checkpoints/restartpoints, doing it here has
1629 * some noticeable overhead since it's performed synchronously during
1630 * decoding?
1631 */
1634 {
1642 }
1652 /*
1653 * We may overwrite the work from some other backend, but that's ok, our
1654 * snapshot is valid as well, we'll just have done some superfluous work.
1655 */
1657 {
1662 }
1664 /* make sure we persist */
1668 /*
1669 * Now there's no way we can lose the dumped state anymore, remember this
1670 * as a serialization point.
1671 */
1676 out:
1679 /* be tidy */
1684 }
1686 /*
1687 * Restore the logical snapshot file contents to 'ondisk'.
1688 *
1689 * 'context' is the memory context where the catalog modifying/committed xid
1690 * will live.
1691 * If 'missing_ok' is true, will not throw an error if the file is not found.
1692 */
1693 bool
1696 {
1698 pg_crc32c checksum;
1699 Size sz;
1704 {
1711 }
1713 /* ----
1714 * Make sure the snapshot had been stored safely to disk, that's normally
1715 * cheap.
1716 * Note that we do not need PANIC here, nobody will be able to use the
1717 * slot without fsyncing, and saving it won't succeed without an fsync()
1718 * either...
1719 * ----
1720 */
1724 /* read statically sized portion of snapshot */
1744 /* read SnapBuild */
1748 /* restore committed xacts information */
1750 {
1755 }
1757 /* restore catalog modifying xacts information */
1759 {
1764 }
1773 /* verify checksum of what we've read */
1781 }
1783 /*
1784 * Restore a snapshot into 'builder' if previously one has been stored at the
1785 * location indicated by 'lsn'. Returns true if successful, false otherwise.
1786 */
1787 static bool
1789 {
1790 SnapBuildOnDisk ondisk;
1793 /* no point in loading a snapshot if we're already there */
1798 PG_LOGICAL_SNAPSHOTS_DIR,
1801 /* validate and restore the snapshot to 'ondisk' */
1805 /*
1806 * ok, we now have a sensible snapshot here, figure out if it has more
1807 * information than we have.
1808 */
1810 /*
1811 * We are only interested in consistent snapshots for now, comparing
1812 * whether one incomplete snapshot is more "advanced" seems to be
1813 * unnecessarily complex.
1814 */
1818 /*
1819 * Don't use a snapshot that requires an xmin that we cannot guarantee to
1820 * be available.
1821 */
1825 /*
1826 * Consistent snapshots have no next phase. Reset next_phase_at as it is
1827 * possible that an old value may remain.
1828 */
1832 /* ok, we think the snapshot is sensible, copy over everything important */
1838 /* We only allocated/stored xcnt, not xcnt_space xids ! */
1839 /* don't overwrite preallocated xip, if we don't have anything here */
1841 {
1845 }
1848 /* set catalog modifying transactions */
1855 /* our snapshot is not interesting anymore, build a new one */
1857 {
1859 }
1873 snapshot_not_interesting:
1879 }
1881 /*
1882 * Read the contents of the serialized snapshot to 'dest'.
1883 */
1884 static void
1886 {
1893 {
1899 {
1904 }
1905 else
1910 }
1911 }
1913 /*
1914 * Remove all serialized snapshots that are not required anymore because no
1915 * slot can need them. This doesn't actually have to run during a checkpoint,
1916 * but it's a convenient point to schedule this.
1917 *
1918 * NB: We run this during checkpoints even if logical decoding is disabled so
1919 * we cleanup old slots at some point after it got disabled.
1920 */
1921 void
1923 {
1924 XLogRecPtr cutoff;
1925 XLogRecPtr redo;
1930 /*
1931 * We start off with a minimum of the last redo pointer. No new
1932 * replication slot will start before that, so that's a safe upper bound
1933 * for removal.
1934 */
1937 /* now check for the restart ptrs from existing slots */
1940 /* don't start earlier than the restart lsn */
1946 {
1947 uint32 hi;
1948 uint32 lo;
1949 XLogRecPtr lsn;
1950 PGFileType de_type;
1960 {
1963 }
1965 /*
1966 * temporary filenames from SnapBuildSerialize() include the LSN and
1967 * everything but are postfixed by .$pid.tmp. We can just remove them
1968 * the same as other files because there can be none that are
1969 * currently being written that are older than cutoff.
1970 *
1971 * We just log a message if a file doesn't fit the pattern, it's
1972 * probably some editors lock/state file or similar...
1973 */
1975 {
1979 }
1983 /* check whether we still need it */
1985 {
1988 /*
1989 * It's not particularly harmful, though strange, if we can't
1990 * remove the file here. Don't prevent the checkpoint from
1991 * completing, that'd be a cure worse than the disease.
1992 */
1994 {
1998 path)));
2000 }
2001 }
2002 }
2004 }
2006 /*
2007 * Check if a logical snapshot at the specified point has been serialized.
2008 */
2009 bool
2011 {
2017 PG_LOGICAL_SNAPSHOTS_DIR,
2028 }