| blob | 4b985bd0561513c74719d1da03fe5759ac41f9e0 |
1 /*-------------------------------------------------------------------------
2 *
3 * postgres.c
4 * POSTGRES C Backend Interface
5 *
6 * Portions Copyright (c) 1996-2024, PostgreSQL Global Development Group
7 * Portions Copyright (c) 1994, Regents of the University of California
8 *
9 *
10 * IDENTIFICATION
11 * src/backend/tcop/postgres.c
12 *
13 * NOTES
14 * this is the "main" module of the postgres backend and
15 * hence the main module of the "traffic cop".
16 *
17 *-------------------------------------------------------------------------
18 */
22 #include <fcntl.h>
23 #include <limits.h>
24 #include <signal.h>
25 #include <unistd.h>
26 #include <sys/resource.h>
27 #include <sys/socket.h>
28 #include <sys/time.h>
30 #ifdef USE_VALGRIND
31 #include <valgrind/valgrind.h>
32 #endif
83 /* ----------------
84 * global variables
85 * ----------------
86 */
89 /* Note: whereToSendOutput is initialized for the bootstrap/standalone case */
92 /* flag for logging end of session */
97 /* GUC variable for maximum stack depth (measured in kilobytes) */
100 /* wait N seconds to allow attach from a debugger */
103 /* Time between checks that the client is still connected. */
106 /* flags for non-system relation kinds to restrict use */
109 /* ----------------
110 * private typedefs etc
111 * ----------------
112 */
114 /* type of argument for bind_param_error_callback */
116 {
122 /* ----------------
123 * private variables
124 * ----------------
125 */
127 /* max_stack_depth converted to bytes for speed of checking */
130 /*
131 * Stack base pointer -- initialized by PostmasterMain and inherited by
132 * subprocesses (but see also InitPostmasterChild).
133 */
136 /*
137 * Flag to keep track of whether we have started a transaction.
138 * For extended query protocol this has to be remembered across messages.
139 */
142 /*
143 * Flag to indicate that we are doing the outer loop's read-from-client,
144 * as opposed to any random read from client that might happen within
145 * commands like COPY FROM STDIN.
146 */
149 /*
150 * Flags to implement skip-till-Sync-after-error behavior for messages of
151 * the extended query protocol.
152 */
156 /*
157 * If an unnamed prepared statement exists, it's stored here.
158 * We keep it separate from the hashtable kept by commands/prepare.c
159 * in order to reduce overhead for short-lived queries.
160 */
163 /* assorted command-line switches */
168 /* whether or not, and why, we were canceled by conflict with recovery */
172 /* reused buffer to pass to SendRowDescriptionMessage() */
176 /* ----------------------------------------------------------------
177 * decls for routines only used in this file
178 * ----------------------------------------------------------------
179 */
201 /* ----------------------------------------------------------------
202 * infrastructure for valgrind debugging
203 * ----------------------------------------------------------------
204 */
205 #ifdef USE_VALGRIND
206 /* This variable should be set at the top of the main loop. */
209 /*
210 * If Valgrind detected any errors since old_valgrind_error_count was updated,
211 * report the current query as the cause. This should be called at the end
212 * of message processing.
213 */
214 static void
216 {
223 query);
224 }
227 #define valgrind_report_error_query(query) ((void) 0)
231 /* ----------------------------------------------------------------
232 * routines to obtain user input
233 * ----------------------------------------------------------------
234 */
236 /* ----------------
237 * InteractiveBackend() is called for user interactive connections
238 *
239 * the string entered by the user is placed in its parameter inBuf,
240 * and we act like a Q message was received.
241 *
242 * EOF is returned if end-of-file input is seen; time to shut down.
243 * ----------------
244 */
246 static int
248 {
251 /*
252 * display a prompt and obtain input from the user
253 */
259 /*
260 * Read characters until EOF or the appropriate delimiter is seen.
261 */
263 {
265 {
267 {
268 /*
269 * In -j mode, semicolon followed by two newlines ends the
270 * command; otherwise treat newline as regular character.
271 */
275 {
276 /* might as well drop the second newline */
278 }
279 }
280 else
281 {
282 /*
283 * In plain mode, newline ends the command unless preceded by
284 * backslash.
285 */
288 {
289 /* discard backslash from inBuf */
291 /* discard newline too */
293 }
294 else
295 {
296 /* keep the newline character, but end the command */
299 }
300 }
301 }
303 /* Not newline, or newline treated as regular character */
305 }
307 /* No input before EOF signal means time to quit. */
311 /*
312 * otherwise we have a user query so process it.
313 */
315 /* Add '\0' to make it look the same as message case. */
318 /*
319 * if the query echo flag was given, print the query..
320 */
326 }
328 /*
329 * interactive_getc -- collect one character from stdin
330 *
331 * Even though we are not reading from a "client" process, we still want to
332 * respond to signals, particularly SIGTERM/SIGQUIT.
333 */
334 static int
336 {
339 /*
340 * This will not process catchup interrupts or notifications while
341 * reading. But those can't really be relevant for a standalone backend
342 * anyway. To properly handle SIGTERM there's a hack in die() that
343 * directly processes interrupts at this stage...
344 */
352 }
354 /* ----------------
355 * SocketBackend() Is called for frontend-backend connections
356 *
357 * Returns the message type code, and loads message body data into inBuf.
358 *
359 * EOF is returned if the connection is lost.
360 * ----------------
361 */
362 static int
364 {
368 /*
369 * Get message type code from the frontend.
370 */
376 {
381 else
382 {
383 /*
384 * Can't send DEBUG log messages to client at this point. Since
385 * we're disconnecting right away, we don't need to restore
386 * whereToSendOutput.
387 */
392 }
394 }
396 /*
397 * Validate message type code before trying to read body; if we have lost
398 * sync, better to say "command unknown" than to run out of memory because
399 * we used garbage as a length word. We can also select a type-dependent
400 * limit on what a sane length word could be. (The limit could be chosen
401 * more granularly, but it's not clear it's worth fussing over.)
402 *
403 * This also gives us a place to set the doing_extended_query_message flag
404 * as soon as possible.
405 */
407 {
440 /* stop any active skip-till-Sync */
442 /* mark not-extended, so that a new error doesn't begin skip */
459 /*
460 * Otherwise we got garbage from the frontend. We treat this as
461 * fatal because we have probably lost message boundary sync, and
462 * there's no good way to recover.
463 */
469 }
471 /*
472 * In protocol version 3, all frontend messages have a length word next
473 * after the type code; we can read the message contents independently of
474 * the type.
475 */
481 }
483 /* ----------------
484 * ReadCommand reads a command from either the frontend or
485 * standard input, places it in inBuf, and returns the
486 * message type code (first byte of the message).
487 * EOF is returned if end of file.
488 * ----------------
489 */
490 static int
492 {
497 else
500 }
502 /*
503 * ProcessClientReadInterrupt() - Process interrupts specific to client reads
504 *
505 * This is called just before and after low-level reads.
506 * 'blocked' is true if no data was available to read and we plan to retry,
507 * false if about to read or done reading.
508 *
509 * Must preserve errno!
510 */
511 void
513 {
517 {
518 /* Check for general interrupts that arrived before/while reading */
521 /* Process sinval catchup interrupts, if any */
525 /* Process notify interrupts, if any */
528 }
530 {
531 /*
532 * We're dying. If there is no data available to read, then it's safe
533 * (and sane) to handle that now. If we haven't tried to read yet,
534 * make sure the process latch is set, so that if there is no data
535 * then we'll come back here and die. If we're done reading, also
536 * make sure the process latch is set, as we might've undesirably
537 * cleared it while reading.
538 */
541 else
543 }
546 }
548 /*
549 * ProcessClientWriteInterrupt() - Process interrupts specific to client writes
550 *
551 * This is called just before and after low-level writes.
552 * 'blocked' is true if no data could be written and we plan to retry,
553 * false if about to write or done writing.
554 *
555 * Must preserve errno!
556 */
557 void
559 {
563 {
564 /*
565 * We're dying. If it's not possible to write, then we should handle
566 * that immediately, else a stuck client could indefinitely delay our
567 * response to the signal. If we haven't tried to write yet, make
568 * sure the process latch is set, so that if the write would block
569 * then we'll come back here and die. If we're done writing, also
570 * make sure the process latch is set, as we might've undesirably
571 * cleared it while writing.
572 */
574 {
575 /*
576 * Don't mess with whereToSendOutput if ProcessInterrupts wouldn't
577 * service ProcDiePending.
578 */
580 {
581 /*
582 * We don't want to send the client the error message, as a)
583 * that would possibly block again, and b) it would likely
584 * lead to loss of protocol sync because we may have already
585 * sent a partial protocol message.
586 */
591 }
592 }
593 else
595 }
598 }
600 /*
601 * Do raw parsing (only).
602 *
603 * A list of parsetrees (RawStmt nodes) is returned, since there might be
604 * multiple commands in the given string.
605 *
606 * NOTE: for interactive queries, it is important to keep this routine
607 * separate from the analysis & rewrite stages. Analysis and rewriting
608 * cannot be done in an aborted transaction, since they require access to
609 * database tables. So, we rely on the raw parser to determine whether
610 * we've seen a COMMIT or ABORT command; when we are in abort state, other
611 * commands are not processed any further than the raw parse stage.
612 */
613 List *
615 {
628 #ifdef DEBUG_NODE_TESTS_ENABLED
630 /* Optional debugging check: pass raw parsetrees through copyObject() */
632 {
635 /* This checks both copyObject() and the equal() routines... */
638 else
640 }
642 /*
643 * Optional debugging check: pass raw parsetrees through
644 * outfuncs/readfuncs
645 */
647 {
652 /* This checks both outfuncs/readfuncs and the equal() routines... */
655 else
657 }
664 }
666 /*
667 * Given a raw parsetree (gram.y output), and optionally information about
668 * types of parameter symbols ($n), perform parse analysis and rule rewriting.
669 *
670 * A list of Query nodes is returned, since either the analyzer or the
671 * rewriter might expand one query to several.
672 *
673 * NOTE: for reasons mentioned above, this must be separate from raw parsing.
674 */
675 List *
681 {
687 /*
688 * (1) Perform parse analysis.
689 */
694 queryEnv);
699 /*
700 * (2) Rewrite the queries, as necessary
701 */
707 }
709 /*
710 * Do parse analysis and rewriting. This is the same as
711 * pg_analyze_and_rewrite_fixedparams except that it's okay to deduce
712 * information about $n symbol datatypes from context.
713 */
714 List *
720 {
726 /*
727 * (1) Perform parse analysis.
728 */
733 queryEnv);
735 /*
736 * Check all parameter types got determined.
737 */
739 {
747 }
752 /*
753 * (2) Rewrite the queries, as necessary
754 */
760 }
762 /*
763 * Do parse analysis and rewriting. This is the same as
764 * pg_analyze_and_rewrite_fixedparams except that, instead of a fixed list of
765 * parameter datatypes, a parser callback is supplied that can do
766 * external-parameter resolution and possibly other things.
767 */
768 List *
771 ParserSetupHook parserSetup,
774 {
780 /*
781 * (1) Perform parse analysis.
782 */
787 queryEnv);
792 /*
793 * (2) Rewrite the queries, as necessary
794 */
800 }
802 /*
803 * Perform rewriting of a query produced by parse analysis.
804 *
805 * Note: query must just have come from the parser, because we do not do
806 * AcquireRewriteLocks() on it.
807 */
808 List *
810 {
815 Debug_pretty_print);
821 {
822 /* don't rewrite utilities, just dump 'em into result list */
824 }
825 else
826 {
827 /* rewrite regular queries */
829 }
834 #ifdef DEBUG_NODE_TESTS_ENABLED
836 /* Optional debugging check: pass querytree through copyObject() */
838 {
842 /* This checks both copyObject() and the equal() routines... */
845 else
847 }
849 /* Optional debugging check: pass querytree through outfuncs/readfuncs */
851 {
856 {
861 /*
862 * queryId is not saved in stored rules, but we must preserve it
863 * here to avoid breaking pg_stat_statements.
864 */
869 }
871 /* This checks both outfuncs/readfuncs and the equal() routines... */
874 else
876 }
882 Debug_pretty_print);
885 }
888 /*
889 * Generate a plan for a single already-rewritten query.
890 * This is a thin wrapper around planner() and takes the same parameters.
891 */
892 PlannedStmt *
894 ParamListInfo boundParams)
895 {
898 /* Utility commands have no plans. */
902 /* Planner must have a snapshot in case it calls user-defined functions. */
910 /* call the optimizer */
916 #ifdef DEBUG_NODE_TESTS_ENABLED
918 /* Optional debugging check: pass plan tree through copyObject() */
920 {
923 /*
924 * equal() currently does not have routines to compare Plan nodes, so
925 * don't try to test equality here. Perhaps fix someday?
926 */
927 #ifdef NOT_USED
928 /* This checks both copyObject() and the equal() routines... */
931 else
932 #endif
934 }
936 /* Optional debugging check: pass plan tree through outfuncs/readfuncs */
938 {
946 /*
947 * equal() currently does not have routines to compare Plan nodes, so
948 * don't try to test equality here. Perhaps fix someday?
949 */
950 #ifdef NOT_USED
951 /* This checks both outfuncs/readfuncs and the equal() routines... */
954 else
955 #endif
957 }
961 /*
962 * Print plan if debugging.
963 */
970 }
972 /*
973 * Generate plans for a list of already-rewritten queries.
974 *
975 * For normal optimizable statements, invoke the planner. For utility
976 * statements, just make a wrapper PlannedStmt node.
977 *
978 * The result is a list of PlannedStmt nodes.
979 */
980 List *
982 ParamListInfo boundParams)
983 {
988 {
993 {
994 /* Utility commands require no planning. */
1002 }
1003 else
1004 {
1006 boundParams);
1007 }
1010 }
1013 }
1016 /*
1017 * exec_simple_query
1018 *
1019 * Execute a "simple Query" protocol message.
1020 */
1021 static void
1023 {
1025 MemoryContext oldcontext;
1033 /*
1034 * Report query to various monitoring facilities.
1035 */
1042 /*
1043 * We use save_log_statement_stats so ShowUsage doesn't report incorrect
1044 * results because ResetUsage wasn't called.
1045 */
1049 /*
1050 * Start up a transaction command. All queries generated by the
1051 * query_string will be in this same command block, *unless* we find a
1052 * BEGIN/COMMIT/ABORT statement; we have to force a new xact command after
1053 * one of those, else bad things will happen in xact.c. (Note that this
1054 * will normally change current memory context.)
1055 */
1058 /*
1059 * Zap any pre-existing unnamed statement. (While not strictly necessary,
1060 * it seems best to define simple-Query mode as if it used the unnamed
1061 * statement and portal; this ensures we recover any storage used by prior
1062 * unnamed operations.)
1063 */
1066 /*
1067 * Switch to appropriate context for constructing parsetrees.
1068 */
1071 /*
1072 * Do basic parsing of the query or queries (this should be safe even if
1073 * we are in aborted transaction state!)
1074 */
1077 /* Log immediately if dictated by log_statement */
1079 {
1085 }
1087 /*
1088 * Switch back to transaction context to enter the loop.
1089 */
1092 /*
1093 * For historical reasons, if multiple SQL statements are given in a
1094 * single "simple Query" message, we execute them as a single transaction,
1095 * unless explicit transaction control commands are included to make
1096 * portions of the list be separate transactions. To represent this
1097 * behavior properly in the transaction machinery, we use an "implicit"
1098 * transaction block.
1099 */
1102 /*
1103 * Run through the raw parsetree(s) and process each one.
1104 */
1106 {
1109 CommandTag commandTag;
1110 QueryCompletion qc;
1114 Portal portal;
1116 int16 format;
1122 /*
1123 * Get the command name for use in status display (it also becomes the
1124 * default completion tag, down inside PortalRun). Set ps_status and
1125 * do any special start-of-SQL-command processing needed by the
1126 * destination.
1127 */
1135 /*
1136 * If we are in an aborted transaction, reject all commands except
1137 * COMMIT/ABORT. It is important that this test occur before we try
1138 * to do parse analysis, rewrite, or planning, since all those phases
1139 * try to do database accesses, which may fail in abort state. (It
1140 * might be safe to allow some additional utility commands in this
1141 * state, but not many...)
1142 */
1151 /* Make sure we are in a transaction command */
1154 /*
1155 * If using an implicit transaction block, and we're not already in a
1156 * transaction block, start an implicit block to force this statement
1157 * to be grouped together with any following ones. (We must do this
1158 * each time through the loop; otherwise, a COMMIT/ROLLBACK in the
1159 * list would cause later statements to not be grouped.)
1160 */
1164 /* If we got a cancel signal in parsing or prior command, quit */
1167 /*
1168 * Set up a snapshot if parse analysis/planning will need one.
1169 */
1171 {
1174 }
1176 /*
1177 * OK to analyze, rewrite, and plan this query.
1178 *
1179 * Switch to appropriate context for constructing query and plan trees
1180 * (these can't be in the transaction context, as that will get reset
1181 * when the command is COMMIT/ROLLBACK). If we have multiple
1182 * parsetrees, we use a separate context for each one, so that we can
1183 * free that memory before moving on to the next one. But for the
1184 * last (or only) parsetree, just use MessageContext, which will be
1185 * reset shortly after completion anyway. In event of an error, the
1186 * per_parsetree_context will be deleted when MessageContext is reset.
1187 */
1189 {
1190 per_parsetree_context =
1193 ALLOCSET_DEFAULT_SIZES);
1195 }
1196 else
1205 /*
1206 * Done with the snapshot used for parsing/planning.
1207 *
1208 * While it looks promising to reuse the same snapshot for query
1209 * execution (at least for simple protocol), unfortunately it causes
1210 * execution to use a snapshot that has been acquired before locking
1211 * any of the tables mentioned in the query. This creates user-
1212 * visible anomalies, so refrain. Refer to
1213 * https://postgr.es/m/flat/5075D8DF.6050500@fuzzy.cz for details.
1214 */
1218 /* If we got a cancel signal in analysis or planning, quit */
1221 /*
1222 * Create unnamed portal to run the query or queries in. If there
1223 * already is one, silently drop it.
1224 */
1226 /* Don't display the portal in pg_cursors */
1229 /*
1230 * We don't have to copy anything into the portal, because everything
1231 * we are passing here is in MessageContext or the
1232 * per_parsetree_context, and so will outlive the portal anyway.
1233 */
1235 NULL,
1236 query_string,
1237 commandTag,
1238 plantree_list,
1239 NULL);
1241 /*
1242 * Start the portal. No parameters here.
1243 */
1246 /*
1247 * Select the appropriate output format: text unless we are doing a
1248 * FETCH from a binary cursor. (Pretty grotty to have to do this here
1249 * --- but it avoids grottiness in other places. Ah, the joys of
1250 * backward compatibility...)
1251 */
1254 {
1258 {
1264 }
1265 }
1268 /*
1269 * Now we can create the destination receiver object.
1270 */
1275 /*
1276 * Switch back to transaction context for execution.
1277 */
1280 /*
1281 * Run the portal to completion, and then drop it (and the receiver).
1282 */
1284 FETCH_ALL,
1287 receiver,
1288 receiver,
1296 {
1297 /*
1298 * If this is the last parsetree of the query string, close down
1299 * transaction statement before reporting command-complete. This
1300 * is so that any end-of-transaction errors are reported before
1301 * the command-complete message is issued, to avoid confusing
1302 * clients who will expect either a command-complete message or an
1303 * error, not one and then the other. Also, if we're using an
1304 * implicit transaction block, we must close that out first.
1305 */
1309 }
1311 {
1312 /*
1313 * If this was a transaction control statement, commit it. We will
1314 * start a new xact command for the next command.
1315 */
1317 }
1318 else
1319 {
1320 /*
1321 * We had better not see XACT_FLAGS_NEEDIMMEDIATECOMMIT set if
1322 * we're not calling finish_xact_command(). (The implicit
1323 * transaction block should have prevented it from getting set.)
1324 */
1327 /*
1328 * We need a CommandCounterIncrement after every query, except
1329 * those that start or end a transaction block.
1330 */
1333 /*
1334 * Disable statement timeout between queries of a multi-query
1335 * string, so that the timeout applies separately to each query.
1336 * (Our next loop iteration will start a fresh timeout.)
1337 */
1339 }
1341 /*
1342 * Tell client that we're done with this query. Note we emit exactly
1343 * one EndCommand report for each raw parsetree, thus one for each SQL
1344 * command the client sent, regardless of rewriting. (But a command
1345 * aborted by error will not send an EndCommand report at all.)
1346 */
1349 /* Now we may drop the per-parsetree context, if one was created. */
1354 /*
1355 * Close down transaction statement, if one is open. (This will only do
1356 * something if the parsetree list was empty; otherwise the last loop
1357 * iteration already did it.)
1358 */
1361 /*
1362 * If there were no parsetrees, return EmptyQueryResponse message.
1363 */
1367 /*
1368 * Emit duration logging if appropriate.
1369 */
1371 {
1384 }
1392 }
1394 /*
1395 * exec_parse_message
1396 *
1397 * Execute a "Parse" protocol message.
1398 */
1399 static void
1404 {
1406 MemoryContext oldcontext;
1415 /*
1416 * Report query to various monitoring facilities.
1417 */
1430 query_string)));
1432 /*
1433 * Start up a transaction command so we can run parse analysis etc. (Note
1434 * that this will normally change current memory context.) Nothing happens
1435 * if we are already in one. This also arms the statement timeout if
1436 * necessary.
1437 */
1440 /*
1441 * Switch to appropriate context for constructing parsetrees.
1442 *
1443 * We have two strategies depending on whether the prepared statement is
1444 * named or not. For a named prepared statement, we do parsing in
1445 * MessageContext and copy the finished trees into the prepared
1446 * statement's plancache entry; then the reset of MessageContext releases
1447 * temporary space used by parsing and rewriting. For an unnamed prepared
1448 * statement, we assume the statement isn't going to hang around long, so
1449 * getting rid of temp space quickly is probably not worth the costs of
1450 * copying parse trees. So in this case, we create the plancache entry's
1451 * query_context here, and do all the parsing work therein.
1452 */
1455 {
1456 /* Named prepared statement --- parse in MessageContext */
1458 }
1459 else
1460 {
1461 /* Unnamed prepared statement --- release any prior unnamed stmt */
1463 /* Create context for parsing */
1464 unnamed_stmt_context =
1467 ALLOCSET_DEFAULT_SIZES);
1469 }
1471 /*
1472 * Do basic parsing of the query or queries (this should be safe even if
1473 * we are in aborted transaction state!)
1474 */
1477 /*
1478 * We only allow a single user statement in a prepared statement. This is
1479 * mainly to keep the protocol simple --- otherwise we'd need to worry
1480 * about multiple result tupdescs and things like that.
1481 */
1488 {
1493 /*
1494 * If we are in an aborted transaction, reject all commands except
1495 * COMMIT/ROLLBACK. It is important that this test occur before we
1496 * try to do parse analysis, rewrite, or planning, since all those
1497 * phases try to do database accesses, which may fail in abort state.
1498 * (It might be safe to allow some additional utility commands in this
1499 * state, but not many...)
1500 */
1509 /*
1510 * Create the CachedPlanSource before we do parse analysis, since it
1511 * needs to see the unmodified raw parse tree.
1512 */
1516 /*
1517 * Set up a snapshot if parse analysis will need one.
1518 */
1520 {
1523 }
1525 /*
1526 * Analyze and rewrite the query. Note that the originally specified
1527 * parameter set is not required to be complete, so we have to use
1528 * pg_analyze_and_rewrite_varparams().
1529 */
1531 query_string,
1534 NULL);
1536 /* Done with the snapshot used for parsing */
1539 }
1540 else
1541 {
1542 /* Empty input string. This is legal. */
1545 CMDTAG_UNKNOWN);
1547 }
1549 /*
1550 * CachedPlanSource must be a direct child of MessageContext before we
1551 * reparent unnamed_stmt_context under it, else we have a disconnected
1552 * circular subgraph. Klugy, but less so than flipping contexts even more
1553 * above.
1554 */
1558 /* Finish filling in the CachedPlanSource */
1560 querytree_list,
1561 unnamed_stmt_context,
1562 paramTypes,
1563 numParams,
1564 NULL,
1565 NULL,
1569 /* If we got a cancel signal during analysis, quit */
1573 {
1574 /*
1575 * Store the query as a prepared statement.
1576 */
1578 }
1579 else
1580 {
1581 /*
1582 * We just save the CachedPlanSource into unnamed_stmt_psrc.
1583 */
1586 }
1590 /*
1591 * We do NOT close the open transaction command here; that only happens
1592 * when the client sends Sync. Instead, do CommandCounterIncrement just
1593 * in case something happened during parse/plan.
1594 */
1597 /*
1598 * Send ParseComplete.
1599 */
1603 /*
1604 * Emit duration logging if appropriate.
1605 */
1607 {
1616 msec_str,
1618 query_string),
1621 }
1627 }
1629 /*
1630 * exec_bind_message
1631 *
1632 * Process a "Bind" message to create a portal from a prepared statement
1633 */
1634 static void
1636 {
1646 Portal portal;
1649 ParamListInfo params;
1650 MemoryContext oldContext;
1654 ParamsErrorCbData params_data;
1655 ErrorContextCallback params_errcxt;
1658 /* Get the fixed part of the message */
1667 /* Find prepared statement */
1669 {
1674 }
1675 else
1676 {
1677 /* special-case the unnamed statement */
1683 }
1685 /*
1686 * Report query to various monitoring facilities.
1687 */
1693 {
1697 {
1700 }
1701 }
1708 /*
1709 * Start up a transaction command so we can call functions etc. (Note that
1710 * this will normally change current memory context.) Nothing happens if
1711 * we are already in one. This also arms the statement timeout if
1712 * necessary.
1713 */
1716 /* Switch back to message context */
1719 /* Get the parameter format codes */
1722 {
1726 }
1728 /* Get the parameter value count */
1743 /*
1744 * If we are in aborted transaction state, the only portals we can
1745 * actually run are those containing COMMIT or ROLLBACK commands. We
1746 * disallow binding anything else to avoid problems with infrastructure
1747 * that expects to run inside a valid transaction. We also disallow
1748 * binding any parameters, since we can't risk calling user-defined I/O
1749 * functions.
1750 */
1761 /*
1762 * Create the portal. Allow silent replacement of an existing portal only
1763 * if the unnamed portal is specified.
1764 */
1767 else
1770 /*
1771 * Prepare to copy stuff into the portal's memory context. We do all this
1772 * copying first, because it could possibly fail (out-of-memory) and we
1773 * don't want a failure to occur between GetCachedPlan and
1774 * PortalDefineQuery; that would result in leaking our plancache refcount.
1775 */
1778 /* Copy the plan's query string into the portal */
1781 /* Likewise make a copy of the statement name, unless it's unnamed */
1784 else
1787 /*
1788 * Set a snapshot if we have parameters to fetch (since the input
1789 * functions might need it) or the query isn't a utility command (and
1790 * hence could require redoing parse analysis and planning). We keep the
1791 * snapshot active till we're done, so that plancache.c doesn't have to
1792 * take new ones.
1793 */
1797 {
1800 }
1802 /*
1803 * Fetch parameters, if any, and store in the portal's memory context.
1804 */
1806 {
1808 BindParamCbData one_param_data;
1810 /*
1811 * Set up an error callback so that if there's an error in this phase,
1812 * we can report the specific parameter causing the problem.
1813 */
1825 {
1827 int32 plength;
1828 Datum pval;
1830 StringInfoData pbuf;
1832 int16 pformat;
1841 {
1844 /*
1845 * Rather than copying data around, we just initialize a
1846 * StringInfo pointing to the correct portion of the message
1847 * buffer. We assume we can scribble on the message buffer to
1848 * add a trailing NUL which is required for the input function
1849 * call.
1850 */
1855 }
1856 else
1857 {
1860 }
1866 else
1870 {
1871 Oid typinput;
1872 Oid typioparam;
1877 /*
1878 * We have to do encoding conversion before calling the
1879 * typinput routine.
1880 */
1883 else
1886 /* Now we can log the input string in case of error */
1893 /*
1894 * If we might need to log parameters later, save a copy of
1895 * the converted string in MessageContext; then free the
1896 * result of encoding conversion, if any was done.
1897 */
1899 {
1901 {
1902 MemoryContext oldcxt;
1911 else
1912 {
1913 /*
1914 * We can trim the saved string, knowing that we
1915 * won't print all of it. But we must copy at
1916 * least two more full characters than
1917 * BuildParamLogString wants to use; otherwise it
1918 * might fail to include the trailing ellipsis.
1919 */
1922 log_parameter_max_length_on_error
1924 }
1927 }
1930 }
1931 }
1933 {
1934 Oid typreceive;
1935 Oid typioparam;
1936 StringInfo bufptr;
1938 /*
1939 * Call the parameter type's binary input converter
1940 */
1945 else
1950 /* Trouble if it didn't eat the whole buffer */
1956 }
1957 else
1958 {
1962 pformat)));
1964 }
1966 /* Restore message buffer contents */
1973 /*
1974 * We mark the params as CONST. This ensures that any custom plan
1975 * makes full use of the parameter values.
1976 */
1979 }
1981 /* Pop the per-parameter error callback */
1984 /*
1985 * Once all parameters have been received, prepare for printing them
1986 * in future errors, if configured to do so. (This is saved in the
1987 * portal, so that they'll appear when the query is executed later.)
1988 */
1992 knownTextValues,
1993 log_parameter_max_length_on_error);
1994 }
1995 else
1998 /* Done storing stuff in portal's context */
2001 /*
2002 * Set up another error callback so that all the parameters are logged if
2003 * we get an error during the rest of the BIND processing.
2004 */
2012 /* Get the result format codes */
2015 {
2019 }
2023 /*
2024 * Obtain a plan from the CachedPlanSource. Any cruft from (re)planning
2025 * will be generated in MessageContext. The plan refcount will be
2026 * assigned to the Portal, so it will be released at portal destruction.
2027 */
2030 /*
2031 * Now we can define the portal.
2032 *
2033 * DO NOT put any code that could possibly throw an error between the
2034 * above GetCachedPlan call and here.
2035 */
2037 saved_stmt_name,
2038 query_string,
2041 cplan);
2043 /* Done with the snapshot used for parameter I/O and parsing/planning */
2047 /*
2048 * And we're ready to start portal execution.
2049 */
2052 /*
2053 * Apply the result format requests to the portal.
2054 */
2057 /*
2058 * Done binding; remove the parameters error callback. Entries emitted
2059 * later determine independently whether to log the parameters or not.
2060 */
2063 /*
2064 * Send BindComplete.
2065 */
2069 /*
2070 * Emit duration logging if appropriate.
2071 */
2073 {
2082 msec_str,
2090 }
2098 }
2100 /*
2101 * exec_execute_message
2102 *
2103 * Process an "Execute" message for a portal
2104 */
2105 static void
2107 {
2108 CommandDest dest;
2110 Portal portal;
2112 QueryCompletion qc;
2115 ParamListInfo portalParams;
2121 ParamsErrorCbData params_data;
2122 ErrorContextCallback params_errcxt;
2127 /* Adjust destination to tell printtup.c what to do */
2138 /*
2139 * If the original query was a null string, just return
2140 * EmptyQueryResponse.
2141 */
2143 {
2147 }
2149 /* Does the portal contain a transaction command? */
2152 /*
2153 * We must copy the sourceText and prepStmtName into MessageContext in
2154 * case the portal is destroyed during finish_xact_command. We do not
2155 * make a copy of the portalParams though, preferring to just not print
2156 * them in that case.
2157 */
2161 else
2165 /*
2166 * Report query to various monitoring facilities.
2167 */
2173 {
2177 {
2180 }
2181 }
2192 /*
2193 * Create dest receiver in MessageContext (we don't want it in transaction
2194 * context, because that may get deleted if portal contains VACUUM).
2195 */
2200 /*
2201 * Ensure we are in a transaction command (this should normally be the
2202 * case already due to prior BIND).
2203 */
2206 /*
2207 * If we re-issue an Execute protocol request against an existing portal,
2208 * then we are only fetching more rows rather than completely re-executing
2209 * the query from the start. atStart is never reset for a v3 portal, so we
2210 * are safe to use this check.
2211 */
2214 /* Log immediately if dictated by log_statement */
2216 {
2219 execute_is_fetch ?
2222 prepStmtName,
2225 sourceText),
2229 }
2231 /*
2232 * If we are in aborted transaction state, the only portals we can
2233 * actually run are those containing COMMIT or ROLLBACK commands.
2234 */
2243 /* Check for cancel signal before we start execution */
2246 /*
2247 * Okay to run the portal. Set the error callback so that parameters are
2248 * logged. The parameters must have been saved during the bind phase.
2249 */
2261 max_rows,
2264 receiver,
2265 receiver,
2270 /* Done executing; remove the params error callback */
2274 {
2276 {
2277 /*
2278 * If this was a transaction control statement, commit it. We
2279 * will start a new xact command for the next command (if any).
2280 * Likewise if the statement required immediate commit. Without
2281 * this provision, we wouldn't force commit until Sync is
2282 * received, which creates a hazard if the client tries to
2283 * pipeline immediate-commit statements.
2284 */
2287 /*
2288 * These commands typically don't have any parameters, and even if
2289 * one did we couldn't print them now because the storage went
2290 * away during finish_xact_command. So pretend there were none.
2291 */
2293 }
2294 else
2295 {
2296 /*
2297 * We need a CommandCounterIncrement after every query, except
2298 * those that start or end a transaction block.
2299 */
2302 /*
2303 * Set XACT_FLAGS_PIPELINING whenever we complete an Execute
2304 * message without immediately committing the transaction.
2305 */
2308 /*
2309 * Disable statement timeout whenever we complete an Execute
2310 * message. The next protocol message will start a fresh timeout.
2311 */
2313 }
2315 /* Send appropriate CommandComplete to client */
2317 }
2318 else
2319 {
2320 /* Portal run not complete, so send PortalSuspended */
2324 /*
2325 * Set XACT_FLAGS_PIPELINING whenever we suspend an Execute message,
2326 * too.
2327 */
2329 }
2331 /*
2332 * Emit duration logging if appropriate.
2333 */
2335 {
2344 msec_str,
2345 execute_is_fetch ?
2348 prepStmtName,
2351 sourceText),
2355 }
2363 }
2365 /*
2366 * check_log_statement
2367 * Determine whether command should be logged because of log_statement
2368 *
2369 * stmt_list can be either raw grammar output or a list of planned
2370 * statements
2371 */
2372 static bool
2374 {
2382 /* Else we have to inspect the statement(s) to see whether to log */
2384 {
2389 }
2392 }
2394 /*
2395 * check_log_duration
2396 * Determine whether current command's duration should be logged
2397 * We also check if this statement in this transaction must be logged
2398 * (regardless of its duration).
2399 *
2400 * Returns:
2401 * 0 if no logging is needed
2402 * 1 if just the duration should be logged
2403 * 2 if duration and query details should be logged
2404 *
2405 * If logging is needed, the duration in msec is formatted into msec_str[],
2406 * which must be a 32-byte buffer.
2407 *
2408 * was_logged should be true if caller already logged query details (this
2409 * essentially prevents 2 from being returned).
2410 */
2411 int
2413 {
2416 {
2429 /*
2430 * This odd-looking test for log_min_duration_* being exceeded is
2431 * designed to avoid integer overflow with very long durations: don't
2432 * compute secs * 1000 until we've verified it will fit in int.
2433 */
2444 /*
2445 * Do not log if log_statement_sample_rate = 0. Log a sample if
2446 * log_statement_sample_rate <= 1 and avoid unnecessary PRNG call if
2447 * log_statement_sample_rate = 1.
2448 */
2455 {
2460 else
2462 }
2463 }
2466 }
2468 /*
2469 * errdetail_execute
2470 *
2471 * Add an errdetail() line showing the query referenced by an EXECUTE, if any.
2472 * The argument is the raw parsetree list.
2473 */
2474 static int
2476 {
2480 {
2484 {
2490 {
2493 }
2494 }
2495 }
2498 }
2500 /*
2501 * errdetail_params
2502 *
2503 * Add an errdetail() line showing bind-parameter data, if available.
2504 * Note that this is only used for statement logging, so it is controlled
2505 * by log_parameter_max_length not log_parameter_max_length_on_error.
2506 */
2507 static int
2509 {
2511 {
2517 }
2520 }
2522 /*
2523 * errdetail_abort
2524 *
2525 * Add an errdetail() line showing abort reason, if any.
2526 */
2527 static int
2529 {
2534 }
2536 /*
2537 * errdetail_recovery_conflict
2538 *
2539 * Add an errdetail() line showing conflict source.
2540 */
2541 static int
2543 {
2545 {
2569 /* no errdetail */
2570 }
2573 }
2575 /*
2576 * bind_param_error_callback
2577 *
2578 * Error context callback used while parsing parameters in a Bind message
2579 */
2580 static void
2582 {
2584 StringInfoData buf;
2590 /* If we have a textual value, quote it, and trim if necessary */
2592 {
2595 log_parameter_max_length_on_error);
2597 }
2598 else
2602 {
2606 else
2609 }
2610 else
2611 {
2615 else
2618 }
2622 }
2624 /*
2625 * exec_describe_statement_message
2626 *
2627 * Process a "Describe" message for a prepared statement
2628 */
2629 static void
2631 {
2634 /*
2635 * Start up a transaction command. (Note that this will normally change
2636 * current memory context.) Nothing happens if we are already in one.
2637 */
2640 /* Switch back to message context */
2643 /* Find prepared statement */
2645 {
2650 }
2651 else
2652 {
2653 /* special-case the unnamed statement */
2659 }
2661 /* Prepared statements shouldn't have changeable result descs */
2664 /*
2665 * If we are in aborted transaction state, we can't run
2666 * SendRowDescriptionMessage(), because that needs catalog accesses.
2667 * Hence, refuse to Describe statements that return data. (We shouldn't
2668 * just refuse all Describes, since that might break the ability of some
2669 * clients to issue COMMIT or ROLLBACK commands, if they use code that
2670 * blindly Describes whatever it does.) We can Describe parameters
2671 * without doing anything dangerous, so we don't restrict that.
2672 */
2684 /*
2685 * First describe the parameters...
2686 */
2691 {
2695 }
2698 /*
2699 * Next send RowDescription or NoData to describe the result...
2700 */
2702 {
2705 /* Get the plan's primary targetlist */
2710 tlist,
2711 NULL);
2712 }
2713 else
2715 }
2717 /*
2718 * exec_describe_portal_message
2719 *
2720 * Process a "Describe" message for a portal
2721 */
2722 static void
2724 {
2725 Portal portal;
2727 /*
2728 * Start up a transaction command. (Note that this will normally change
2729 * current memory context.) Nothing happens if we are already in one.
2730 */
2733 /* Switch back to message context */
2742 /*
2743 * If we are in aborted transaction state, we can't run
2744 * SendRowDescriptionMessage(), because that needs catalog accesses.
2745 * Hence, refuse to Describe portals that return data. (We shouldn't just
2746 * refuse all Describes, since that might break the ability of some
2747 * clients to issue COMMIT or ROLLBACK commands, if they use code that
2748 * blindly Describes whatever it does.)
2749 */
2766 else
2768 }
2771 /*
2772 * Convenience routines for starting/committing a single command.
2773 */
2774 static void
2776 {
2778 {
2782 }
2784 {
2785 /*
2786 * When the first Execute message is completed, following commands
2787 * will be done in an implicit transaction block created via
2788 * pipelining. The transaction state needs to be updated to an
2789 * implicit block if we're not already in a transaction block (like
2790 * one started by an explicit BEGIN).
2791 */
2793 }
2795 /*
2796 * Start statement timeout if necessary. Note that this'll intentionally
2797 * not reset the clock on an already started timeout, to avoid the timing
2798 * overhead when start_xact_command() is invoked repeatedly, without an
2799 * interceding finish_xact_command() (e.g. parse/bind/execute). If that's
2800 * not desired, the timeout has to be disabled explicitly.
2801 */
2804 /* Start timeout for checking if the client has gone away if necessary. */
2806 IsUnderPostmaster &&
2807 MyProcPort &&
2810 client_connection_check_interval);
2811 }
2813 static void
2815 {
2816 /* cancel active statement timeout after each command */
2820 {
2823 #ifdef MEMORY_CONTEXT_CHECKING
2824 /* Check all memory contexts that weren't freed during commit */
2825 /* (those that were, were checked before being deleted) */
2827 #endif
2829 #ifdef SHOW_MEMORY_STATS
2830 /* Print mem stats after each commit for leak tracking */
2832 #endif
2835 }
2836 }
2839 /*
2840 * Convenience routines for checking whether a statement is one of the
2841 * ones that we allow in transaction-aborted state.
2842 */
2844 /* Test a bare parsetree */
2845 static bool
2847 {
2849 {
2857 }
2859 }
2861 /* Test a list that contains PlannedStmt nodes */
2862 static bool
2864 {
2866 {
2872 }
2874 }
2876 /* Test a list that contains PlannedStmt nodes */
2877 static bool
2879 {
2881 {
2887 }
2889 }
2891 /* Release any existing unnamed prepared statement */
2892 static void
2894 {
2895 /* paranoia to avoid a dangling pointer in case of error */
2897 {
2902 }
2903 }
2906 /* --------------------------------
2907 * signal handler routines used in PostgresMain()
2908 * --------------------------------
2909 */
2911 /*
2912 * quickdie() occurs when signaled SIGQUIT by the postmaster.
2913 *
2914 * Either some backend has bought the farm, or we've been told to shut down
2915 * "immediately"; so we need to stop what we're doing and exit.
2916 */
2917 void
2919 {
2923 /*
2924 * Prevent interrupts while exiting; though we just blocked signals that
2925 * would queue new interrupts, one may have been pending. We don't want a
2926 * quickdie() downgraded to a mere query cancel.
2927 */
2930 /*
2931 * If we're aborting out of client auth, don't risk trying to send
2932 * anything to the client; we will likely violate the protocol, not to
2933 * mention that we may have interrupted the guts of OpenSSL or some
2934 * authentication library.
2935 */
2939 /*
2940 * Notify the client before exiting, to give a clue on what happened.
2941 *
2942 * It's dubious to call ereport() from a signal handler. It is certainly
2943 * not async-signal safe. But it seems better to try, than to disconnect
2944 * abruptly and leave the client wondering what happened. It's remotely
2945 * possible that we crash or hang while trying to send the message, but
2946 * receiving a SIGQUIT is a sign that something has already gone badly
2947 * wrong, so there's not much to lose. Assuming the postmaster is still
2948 * running, it will SIGKILL us soon if we get stuck for some reason.
2949 *
2950 * One thing we can do to make this a tad safer is to clear the error
2951 * context stack, so that context callbacks are not called. That's a lot
2952 * less code that could be reached here, and the context info is unlikely
2953 * to be very relevant to a SIGQUIT report anyway.
2954 */
2957 /*
2958 * When responding to a postmaster-issued signal, we send the message only
2959 * to the client; sending to the server log just creates log spam, plus
2960 * it's more code that we need to hope will work in a signal handler.
2961 *
2962 * Ideally these should be ereport(FATAL), but then we'd not get control
2963 * back to force the correct type of process exit.
2964 */
2966 {
2968 /* Hmm, SIGQUIT arrived out of the blue */
2974 /* A crash-and-restart cycle is in progress */
2979 " the current transaction and exit, because another"
2980 " server process exited abnormally and possibly corrupted"
2986 /* Immediate-mode stop */
2991 }
2993 /*
2994 * We DO NOT want to run proc_exit() or atexit() callbacks -- we're here
2995 * because shared memory may be corrupted, so we don't want to try to
2996 * clean up our transaction. Just nail the windows shut and get out of
2997 * town. The callbacks wouldn't be safe to run from a signal handler,
2998 * anyway.
2999 *
3000 * Note we do _exit(2) not _exit(0). This is to force the postmaster into
3001 * a system reset cycle if someone sends a manual SIGQUIT to a random
3002 * backend. This is necessary precisely because we don't clean up our
3003 * shared memory state. (The "dead man switch" mechanism in pmsignal.c
3004 * should ensure the postmaster sees this as a crash, too, but no harm in
3005 * being doubly sure.)
3006 */
3008 }
3010 /*
3011 * Shutdown signal from postmaster: abort transaction and exit
3012 * at soonest convenient time
3013 */
3014 void
3016 {
3017 /* Don't joggle the elbow of proc_exit */
3019 {
3022 }
3024 /* for the cumulative stats system */
3027 /* If we're still here, waken anything waiting on the process latch */
3030 /*
3031 * If we're in single user mode, we want to quit immediately - we can't
3032 * rely on latches as they wouldn't work when stdin/stdout is a file.
3033 * Rather ugly, but it's unlikely to be worthwhile to invest much more
3034 * effort just for the benefit of single user mode.
3035 */
3038 }
3040 /*
3041 * Query-cancel signal from postmaster: abort current transaction
3042 * at soonest convenient time
3043 */
3044 void
3046 {
3047 /*
3048 * Don't joggle the elbow of proc_exit
3049 */
3051 {
3054 }
3056 /* If we're still here, waken anything waiting on the process latch */
3058 }
3060 /* signal handler for floating point exception */
3061 void
3063 {
3064 /* We're not returning, so no need to save errno */
3069 "This probably means an out-of-range result or an "
3071 }
3073 /*
3074 * Tell the next CHECK_FOR_INTERRUPTS() to check for a particular type of
3075 * recovery conflict. Runs in a SIGUSR1 handler.
3076 */
3077 void
3079 {
3083 /* latch will be set by procsignal_sigusr1_handler */
3084 }
3086 /*
3087 * Check one individual conflict reason.
3088 */
3089 static void
3091 {
3093 {
3096 /*
3097 * If we aren't waiting for a lock we can never deadlock.
3098 */
3102 /* Intentional fall through to check wait for pin */
3103 /* FALLTHROUGH */
3107 /*
3108 * If PROCSIG_RECOVERY_CONFLICT_BUFFERPIN is requested but we
3109 * aren't blocking the Startup process there is nothing more to
3110 * do.
3111 *
3112 * When PROCSIG_RECOVERY_CONFLICT_STARTUP_DEADLOCK is requested,
3113 * if we're waiting for locks and the startup process is not
3114 * waiting for buffer pin (i.e., also waiting for locks), we set
3115 * the flag so that ProcSleep() will check for deadlocks.
3116 */
3118 {
3123 }
3127 /* Intentional fall through to error handling */
3128 /* FALLTHROUGH */
3134 /*
3135 * If we aren't in a transaction any longer then ignore.
3136 */
3140 /* FALLTHROUGH */
3144 /*
3145 * If we're not in a subtransaction then we are OK to throw an
3146 * ERROR to resolve the conflict. Otherwise drop through to the
3147 * FATAL case.
3148 *
3149 * PROCSIG_RECOVERY_CONFLICT_LOGICALSLOT is a special case that
3150 * always throws an ERROR (ie never promotes to FATAL), though it
3151 * still has to respect QueryCancelHoldoffCount, so it shares this
3152 * code path. Logical decoding slots are only acquired while
3153 * performing logical decoding. During logical decoding no user
3154 * controlled code is run. During [sub]transaction abort, the
3155 * slot is released. Therefore user controlled code cannot
3156 * intercept an error before the replication slot is released.
3157 *
3158 * XXX other times that we can throw just an ERROR *may* be
3159 * PROCSIG_RECOVERY_CONFLICT_LOCK if no locks are held in parent
3160 * transactions
3161 *
3162 * PROCSIG_RECOVERY_CONFLICT_SNAPSHOT if no snapshots are held by
3163 * parent transactions and the transaction is not
3164 * transaction-snapshot mode
3165 *
3166 * PROCSIG_RECOVERY_CONFLICT_TABLESPACE if no temp files or
3167 * cursors open in parent transactions
3168 */
3171 {
3172 /*
3173 * If we already aborted then we no longer need to cancel. We
3174 * do this here since we do not wish to ignore aborted
3175 * subtransactions, which must cause FATAL, currently.
3176 */
3180 /*
3181 * If a recovery conflict happens while we are waiting for
3182 * input from the client, the client is presumably just
3183 * sitting idle in a transaction, preventing recovery from
3184 * making progress. We'll drop through to the FATAL case
3185 * below to dislodge it, in that case.
3186 */
3188 {
3189 /* Avoid losing sync in the FE/BE protocol. */
3191 {
3192 /*
3193 * Re-arm and defer this interrupt until later. See
3194 * similar code in ProcessInterrupts().
3195 */
3200 }
3202 /*
3203 * We are cleared to throw an ERROR. Either it's the
3204 * logical slot case, or we have a top-level transaction
3205 * that we can abort and a conflict that isn't inherently
3206 * non-retryable.
3207 */
3215 }
3216 }
3218 /* Intentional fall through to session cancel */
3219 /* FALLTHROUGH */
3223 /*
3224 * Retrying is not possible because the database is dropped, or we
3225 * decided above that we couldn't resolve the conflict with an
3226 * ERROR and fell through. Terminate the session.
3227 */
3231 ERRCODE_DATABASE_DROPPED :
3232 ERRCODE_T_R_SERIALIZATION_FAILURE),
3241 }
3242 }
3244 /*
3245 * Check each possible recovery conflict reason.
3246 */
3247 static void
3249 {
3250 /*
3251 * We don't need to worry about joggling the elbow of proc_exit, because
3252 * proc_exit_prepare() holds interrupts, so ProcessInterrupts() won't call
3253 * us.
3254 */
3263 reason++)
3264 {
3266 {
3269 }
3270 }
3271 }
3273 /*
3274 * ProcessInterrupts: out-of-line portion of CHECK_FOR_INTERRUPTS() macro
3275 *
3276 * If an interrupt condition is pending, and it's safe to service it,
3277 * then clear the flag and accept the interrupt. Called only when
3278 * InterruptPending is true.
3279 *
3280 * Note: if INTERRUPTS_CAN_BE_PROCESSED() is true, then ProcessInterrupts
3281 * is guaranteed to clear the InterruptPending flag before returning.
3282 * (This is not the same as guaranteeing that it's still clear when we
3283 * return; another interrupt could have arrived. But we promise that
3284 * any pre-existing one will have been serviced.)
3285 */
3286 void
3288 {
3289 /* OK to accept any interrupts now? */
3295 {
3299 /* As in quickdie, don't risk sending to client during auth */
3315 {
3319 /*
3320 * The logical replication launcher can be stopped at any time.
3321 * Use exit status 1 so the background worker is restarted.
3322 */
3324 }
3330 else
3334 }
3337 {
3340 /*
3341 * Check for lost connection and re-arm, if still configured, but not
3342 * if we've arrived back at DoingCommandRead state. We don't want to
3343 * wake up idle sessions, and they already know how to detect lost
3344 * connections.
3345 */
3347 {
3350 else
3352 client_connection_check_interval);
3353 }
3354 }
3357 {
3360 /* don't send to client, we already know the connection to be dead. */
3365 }
3367 /*
3368 * Don't allow query cancel interrupts while reading input from the
3369 * client, because we might lose sync in the FE/BE protocol. (Die
3370 * interrupts are OK, because we won't read any further messages from the
3371 * client in that case.)
3372 *
3373 * See similar logic in ProcessRecoveryConflictInterrupts().
3374 */
3376 {
3377 /*
3378 * Re-arm InterruptPending so that we process the cancel request as
3379 * soon as we're done reading the message. (XXX this is seriously
3380 * ugly: it complicates INTERRUPTS_CAN_BE_PROCESSED(), and it means we
3381 * can't use that macro directly as the initial test in this function,
3382 * meaning that this code also creates opportunities for other bugs to
3383 * appear.)
3384 */
3386 }
3388 {
3394 /*
3395 * If LOCK_TIMEOUT and STATEMENT_TIMEOUT indicators are both set, we
3396 * need to clear both, so always fetch both.
3397 */
3401 /*
3402 * If both were set, we want to report whichever timeout completed
3403 * earlier; this ensures consistent behavior if the machine is slow
3404 * enough that the second timeout triggers before we get here. A tie
3405 * is arbitrarily broken in favor of reporting a lock timeout.
3406 */
3412 {
3417 }
3419 {
3424 }
3426 {
3431 }
3433 /*
3434 * If we are reading a command from the client, just ignore the cancel
3435 * request --- sending an extra error message won't accomplish
3436 * anything. Otherwise, go ahead and throw the error.
3437 */
3439 {
3444 }
3445 }
3451 {
3452 /*
3453 * If the GUC has been reset to zero, ignore the signal. This is
3454 * important because the GUC update itself won't disable any pending
3455 * interrupt. We need to unset the flag before the injection point,
3456 * otherwise we could loop in interrupts checking.
3457 */
3460 {
3465 }
3466 }
3469 {
3470 /* As above, ignore the signal if the GUC has been reset to zero. */
3473 {
3478 }
3479 }
3482 {
3483 /* As above, ignore the signal if the GUC has been reset to zero. */
3486 {
3491 }
3492 }
3494 /*
3495 * If there are pending stats updates and we currently are truly idle
3496 * (matching the conditions in PostgresMain(), report stats now.
3497 */
3500 {
3503 }
3516 }
3518 /*
3519 * set_stack_base: set up reference point for stack depth checking
3520 *
3521 * Returns the old reference point, if any.
3522 */
3523 pg_stack_base_t
3525 {
3526 #ifndef HAVE__BUILTIN_FRAME_ADDRESS
3528 #endif
3529 pg_stack_base_t old;
3533 /*
3534 * Set up reference point for stack depth checking. On recent gcc we use
3535 * __builtin_frame_address() to avoid a warning about storing a local
3536 * variable's address in a long-lived variable.
3537 */
3538 #ifdef HAVE__BUILTIN_FRAME_ADDRESS
3540 #else
3542 #endif
3545 }
3547 /*
3548 * restore_stack_base: restore reference point for stack depth checking
3549 *
3550 * This can be used after set_stack_base() to restore the old value. This
3551 * is currently only used in PL/Java. When PL/Java calls a backend function
3552 * from different thread, the thread's stack is at a different location than
3553 * the main thread's stack, so it sets the base pointer before the call, and
3554 * restores it afterwards.
3555 */
3556 void
3558 {
3560 }
3562 /*
3563 * check_stack_depth/stack_is_too_deep: check for excessively deep recursion
3564 *
3565 * This should be called someplace in any recursive routine that might possibly
3566 * recurse deep enough to overflow the stack. Most Unixen treat stack
3567 * overflow as an unrecoverable SIGSEGV, so we want to error out ourselves
3568 * before hitting the hardware limit.
3569 *
3570 * check_stack_depth() just throws an error summarily. stack_is_too_deep()
3571 * can be used by code that wants to handle the error condition itself.
3572 */
3573 void
3575 {
3577 {
3583 max_stack_depth)));
3584 }
3585 }
3587 bool
3589 {
3593 /*
3594 * Compute distance from reference point to my local variables
3595 */
3598 /*
3599 * Take abs value, since stacks grow up on some machines, down on others
3600 */
3604 /*
3605 * Trouble?
3606 *
3607 * The test on stack_base_ptr prevents us from erroring out if called
3608 * during process setup or in a non-backend process. Logically it should
3609 * be done first, but putting it here avoids wasting cycles during normal
3610 * cases.
3611 */
3617 }
3619 /* GUC check hook for max_stack_depth */
3620 bool
3622 {
3627 {
3630 GUC_check_errhint("Increase the platform's stack depth limit via \"ulimit -s\" or local equivalent.");
3632 }
3634 }
3636 /* GUC assign hook for max_stack_depth */
3637 void
3639 {
3643 }
3645 /*
3646 * GUC check_hook for client_connection_check_interval
3647 */
3648 bool
3650 {
3652 {
3653 GUC_check_errdetail("\"client_connection_check_interval\" must be set to 0 on this platform.");
3655 }
3657 }
3659 /*
3660 * GUC check_hook for log_parser_stats, log_planner_stats, log_executor_stats
3661 *
3662 * This function and check_log_stats interact to prevent their variables from
3663 * being set in a disallowed combination. This is a hack that doesn't really
3664 * work right; for example it might fail while applying pg_db_role_setting
3665 * values even though the final state would have been acceptable. However,
3666 * since these variables are legacy settings with little production usage,
3667 * we tolerate that.
3668 */
3669 bool
3671 {
3673 {
3676 }
3678 }
3680 /*
3681 * GUC check_hook for log_statement_stats
3682 */
3683 bool
3685 {
3688 {
3693 }
3695 }
3697 /* GUC assign hook for transaction_timeout */
3698 void
3700 {
3702 {
3703 /*
3704 * If transaction_timeout GUC has changed within the transaction block
3705 * enable or disable the timer correspondingly.
3706 */
3711 }
3712 }
3714 /*
3715 * GUC check_hook for restrict_nonsystem_relation_kind
3716 */
3717 bool
3719 {
3725 /* Need a modifiable copy of string */
3729 {
3730 /* syntax error in list */
3735 }
3738 {
3745 else
3746 {
3751 }
3752 }
3757 /* Save the flags in *extra, for use by the assign function */
3762 }
3764 /*
3765 * GUC assign_hook for restrict_nonsystem_relation_kind
3766 */
3767 void
3769 {
3773 }
3775 /*
3776 * set_debug_options --- apply "-d N" command line option
3777 *
3778 * -d is not quite the same as setting log_min_messages because it enables
3779 * other output options.
3780 */
3781 void
3783 {
3785 {
3790 }
3791 else
3795 {
3798 }
3807 }
3810 bool
3812 {
3816 {
3841 }
3843 {
3846 }
3847 else
3849 }
3854 {
3856 {
3867 }
3870 }
3873 /* ----------------------------------------------------------------
3874 * process_postgres_switches
3875 * Parse command line arguments for backends
3876 *
3877 * This is called twice, once for the "secure" options coming from the
3878 * postmaster or command line, and once for the "insecure" options coming
3879 * from the client's startup packet. The latter have the same syntax but
3880 * may be restricted in what they can do.
3881 *
3882 * argv[0] is ignored in either case (it's assumed to be the program name).
3883 *
3884 * ctx is PGC_POSTMASTER for secure options, PGC_BACKEND for insecure options
3885 * coming from the client, or PGC_SU_BACKEND for insecure options coming from
3886 * a superuser client.
3887 *
3888 * If a database name is present in the command line arguments, it's
3889 * returned into *dbname (this is allowed only if *dbname is initially NULL).
3890 * ----------------------------------------------------------------
3891 */
3892 void
3895 {
3898 GucSource gucsource;
3902 {
3905 /* Ignore the initial --single argument, if present */
3907 {
3908 argv++;
3909 argc--;
3910 }
3911 }
3912 else
3913 {
3915 }
3917 #ifdef HAVE_INT_OPTERR
3919 /*
3920 * Turn this off because it's either printed to stderr and not the log
3921 * where we'd want it, or argv[0] is now "--single", which would make for
3922 * a weird error message. We print our own error message below.
3923 */
3925 #endif
3927 /*
3928 * Parse command-line options. CAUTION: keep this in sync with
3929 * postmaster/postmaster.c (the option sets should not conflict) and with
3930 * the common help() function in main/main.c.
3931 */
3933 {
3935 {
3941 /* Undocumented flag used for binary upgrades */
3947 /* ignored for consistency with the postmaster */
3952 {
3958 {
3963 optarg)));
3964 else
3968 optarg)));
3969 }
3974 }
4000 errs++;
4029 /* ignored for consistency with postmaster */
4045 /* send output (stdout and stderr) to the given file */
4059 /* ignored for consistency with the postmaster */
4063 {
4068 else
4069 errs++;
4071 }
4075 /*
4076 * -v is no longer used in normal operation, since
4077 * FrontendProtocol is already set before we get here. We keep
4078 * the switch only for possible use in standalone operation,
4079 * in case we ever support using normal FE/BE protocol with a
4080 * standalone backend.
4081 */
4091 errs++;
4093 }
4097 }
4099 /*
4100 * Optional database name should be there only if *dbname is NULL.
4101 */
4106 {
4110 /* spell the error message a bit differently depending on context */
4116 else
4122 }
4124 /*
4125 * Reset getopt(3) library so that it will work correctly in subprocesses
4126 * or when this function is called a second time with another array.
4127 */
4129 #ifdef HAVE_INT_OPTRESET
4131 #endif
4132 }
4135 /*
4136 * PostgresSingleUserMain
4137 * Entry point for single user mode. argc/argv are the command line
4138 * arguments to be used.
4139 *
4140 * Performs single user specific setup then calls PostgresMain() to actually
4141 * process queries. Single user mode specific setup should go here, rather
4142 * than PostgresMain() or InitPostgres() when reasonably possible.
4143 */
4144 void
4147 {
4152 /* Initialize startup process environment. */
4155 /*
4156 * Set default values for command-line options.
4157 */
4160 /*
4161 * Parse command-line options.
4162 */
4165 /* Must have gotten a database name, or have a default (the username) */
4167 {
4173 progname)));
4174 }
4176 /* Acquire configuration parameters */
4180 /*
4181 * Validate we have been given a reasonable-looking DataDir and change
4182 * into it.
4183 */
4187 /*
4188 * Create lockfile for data directory.
4189 */
4192 /* read control file (error checking and contains config ) */
4195 /*
4196 * process any libraries that should be preloaded at postmaster start
4197 */
4200 /* Initialize MaxBackends */
4203 /*
4204 * We don't need postmaster child slots in single-user mode, but
4205 * initialize them anyway to avoid having special handling.
4206 */
4209 /* Initialize size of fast-path lock cache. */
4212 /*
4213 * Give preloaded libraries a chance to request additional shared memory.
4214 */
4217 /*
4218 * Now that loadable modules have had their chance to request additional
4219 * shared memory, determine the value of any runtime-computed GUCs that
4220 * depend on the amount of shared memory required.
4221 */
4224 /*
4225 * Now that modules have been loaded, we can process any custom resource
4226 * managers specified in the wal_consistency_checking GUC.
4227 */
4232 /*
4233 * Remember stand-alone backend startup time,roughly at the same point
4234 * during startup that postmaster does so.
4235 */
4238 /*
4239 * Create a per-backend PGPROC struct in shared memory. We must do this
4240 * before we can use LWLocks.
4241 */
4244 /*
4245 * Now that sufficient infrastructure has been initialized, PostgresMain()
4246 * can do the rest.
4247 */
4249 }
4252 /* ----------------------------------------------------------------
4253 * PostgresMain
4254 * postgres main loop -- all backends, interactive or otherwise loop here
4255 *
4256 * dbname is the name of the database to connect to, username is the
4257 * PostgreSQL user name to be used for the session.
4258 *
4259 * NB: Single user mode specific setup should go to PostgresSingleUserMain()
4260 * if reasonably possible.
4261 * ----------------------------------------------------------------
4262 */
4263 void
4265 {
4266 sigjmp_buf local_sigjmp_buf;
4268 /* these must be volatile to ensure state is preserved across longjmp: */
4278 /*
4279 * Set up signal handlers. (InitPostmasterChild or InitStandaloneProcess
4280 * has already set up BlockSig and made that the active signal mask.)
4281 *
4282 * Note that postmaster blocked all signals before forking child process,
4283 * so there is no race condition whereby we might receive a signal before
4284 * we have set up the handler.
4285 *
4286 * Also note: it's best not to use any signals that are SIG_IGNored in the
4287 * postmaster. If such a signal arrives before we are able to change the
4288 * handler to non-SIG_IGN, it'll get dropped. Instead, make a dummy
4289 * handler in the postmaster to reserve the signal. (Of course, this isn't
4290 * an issue for signals that are locally generated, such as SIGALRM and
4291 * SIGPIPE.)
4292 */
4295 else
4296 {
4301 /*
4302 * In a postmaster child backend, replace SignalHandlerForCrashExit
4303 * with quickdie, so we can tell the client we're dying.
4304 *
4305 * In a standalone backend, SIGQUIT can be generated from the keyboard
4306 * easily, while SIGTERM cannot, so we make both signals do die()
4307 * rather than quickdie().
4308 */
4311 else
4315 /*
4316 * Ignore failure to write to frontend. Note: if frontend closes
4317 * connection, we will notice it and exit cleanly when control next
4318 * returns to outer loop. This seems safer than forcing exit in the
4319 * midst of output during who-knows-what operation...
4320 */
4326 /*
4327 * Reset some signals that are accepted by postmaster but not by
4328 * backend
4329 */
4331 * platforms */
4332 }
4334 /* Early initialization */
4337 /* We need to allow SIGINT, etc during the initial transaction */
4340 /*
4341 * Generate a random cancel key, if this is a backend serving a
4342 * connection. InitPostgres() will advertise it in shared memory.
4343 */
4346 {
4348 {
4352 }
4354 }
4356 /*
4357 * General initialization.
4358 *
4359 * NOTE: if you are tempted to add code in this vicinity, consider putting
4360 * it inside InitPostgres() instead. In particular, anything that
4361 * involves database access should be there, not here.
4362 *
4363 * Honor session_preload_libraries if not dealing with a WAL sender.
4364 */
4370 /*
4371 * If the PostmasterContext is still around, recycle the space; we don't
4372 * need it anymore after InitPostgres completes.
4373 */
4375 {
4378 }
4382 /*
4383 * Now all GUC states are fully set up. Report them to client if
4384 * appropriate.
4385 */
4388 /*
4389 * Also set up handler to log session end; we have to wait till now to be
4390 * sure Log_disconnections has its final value.
4391 */
4397 /* Perform initialization specific to a WAL sender process. */
4401 /*
4402 * Send this backend's cancellation info to the frontend.
4403 */
4405 {
4406 StringInfoData buf;
4413 /* Need not flush since ReadyForQuery will do it. */
4414 }
4416 /* Welcome banner for standalone case */
4420 /*
4421 * Create the memory context we will use in the main loop.
4422 *
4423 * MessageContext is reset once per iteration of the main loop, ie, upon
4424 * completion of processing of each command message from the client.
4425 */
4428 ALLOCSET_DEFAULT_SIZES);
4430 /*
4431 * Create memory context and buffer used for RowDescription messages. As
4432 * SendRowDescriptionMessage(), via exec_describe_statement_message(), is
4433 * frequently executed for ever single statement, we don't want to
4434 * allocate a separate buffer every time.
4435 */
4438 ALLOCSET_DEFAULT_SIZES);
4443 /* Fire any defined login event triggers, if appropriate */
4446 /*
4447 * POSTGRES main processing loop begins here
4448 *
4449 * If an exception is encountered, processing resumes here so we abort the
4450 * current transaction and start a new one.
4451 *
4452 * You might wonder why this isn't coded as an infinite loop around a
4453 * PG_TRY construct. The reason is that this is the bottom of the
4454 * exception stack, and so with PG_TRY there would be no exception handler
4455 * in force at all during the CATCH part. By leaving the outermost setjmp
4456 * always active, we have at least some chance of recovering from an error
4457 * during error recovery. (If we get into an infinite loop thereby, it
4458 * will soon be stopped by overflow of elog.c's internal state stack.)
4459 *
4460 * Note that we use sigsetjmp(..., 1), so that this function's signal mask
4461 * (to wit, UnBlockSig) will be restored when longjmp'ing to here. This
4462 * is essential in case we longjmp'd out of a signal handler on a platform
4463 * where that leaves the signal blocked. It's not redundant with the
4464 * unblock in AbortTransaction() because the latter is only called if we
4465 * were inside a transaction.
4466 */
4469 {
4470 /*
4471 * NOTE: if you are tempted to add more code in this if-block,
4472 * consider the high probability that it should be in
4473 * AbortTransaction() instead. The only stuff done directly here
4474 * should be stuff that is guaranteed to apply *only* for outer-level
4475 * error recovery, such as adjusting the FE/BE protocol status.
4476 */
4478 /* Since not using PG_TRY, must reset error stack by hand */
4481 /* Prevent interrupts while cleaning up */
4484 /*
4485 * Forget any pending QueryCancel request, since we're returning to
4486 * the idle loop anyway, and cancel any active timeout requests. (In
4487 * future we might want to allow some timeout requests to survive, but
4488 * at minimum it'd be necessary to do reschedule_timeouts(), in case
4489 * we got here because of a query cancel interrupting the SIGALRM
4490 * interrupt handler.) Note in particular that we must clear the
4491 * statement and lock timeout indicators, to prevent any future plain
4492 * query cancels from being misreported as timeouts in case we're
4493 * forgetting a timeout cancel.
4494 */
4500 /* Not reading from the client anymore. */
4503 /* Make sure libpq is in a good state */
4506 /* Report the error to the client and/or server log */
4509 /*
4510 * If Valgrind noticed something during the erroneous query, print the
4511 * query string, assuming we have one.
4512 */
4515 /*
4516 * Make sure debug_query_string gets reset before we possibly clobber
4517 * the storage it points at.
4518 */
4521 /*
4522 * Abort the current transaction in order to recover.
4523 */
4531 /*
4532 * We can't release replication slots inside AbortTransaction() as we
4533 * need to be able to start and abort transactions while having a slot
4534 * acquired. But we never need to hold them across top level errors,
4535 * so releasing here is fine. There also is a before_shmem_exit()
4536 * callback ensuring correct cleanup on FATAL errors.
4537 */
4541 /* We also want to cleanup temporary slots on error. */
4546 /*
4547 * Now return to normal top-level context and clear ErrorContext for
4548 * next time.
4549 */
4553 /*
4554 * If we were handling an extended-query-protocol message, initiate
4555 * skip till next Sync. This also causes us not to issue
4556 * ReadyForQuery (until we get Sync).
4557 */
4561 /* We don't have a transaction command open anymore */
4564 /*
4565 * If an error occurred while we were reading a message from the
4566 * client, we have potentially lost track of where the previous
4567 * message ends and the next one begins. Even though we have
4568 * otherwise recovered from the error, we cannot safely read any more
4569 * messages from the client, so there isn't much we can do with the
4570 * connection anymore.
4571 */
4577 /* Now we can allow interrupts again */
4579 }
4581 /* We can now handle ereport(ERROR) */
4587 /*
4588 * Non-error queries loop here.
4589 */
4592 {
4594 StringInfoData input_message;
4596 /*
4597 * At top of loop, reset extended-query-message flag, so that any
4598 * errors encountered in "idle" state don't provoke skip.
4599 */
4602 /*
4603 * For valgrind reporting purposes, the "current query" begins here.
4604 */
4605 #ifdef USE_VALGRIND
4607 #endif
4609 /*
4610 * Release storage left over from prior query cycle, and create a new
4611 * query input buffer in the cleared MessageContext.
4612 */
4618 /*
4619 * Also consider releasing our catalog snapshot if any, so that it's
4620 * not preventing advance of global xmin while we wait for the client.
4621 */
4624 /*
4625 * (1) If we've reached idle state, tell the frontend we're ready for
4626 * a new query.
4627 *
4628 * Note: this includes fflush()'ing the last of the prior output.
4629 *
4630 * This is also a good time to flush out collected statistics to the
4631 * cumulative stats system, and to update the PS stats display. We
4632 * avoid doing those every time through the message loop because it'd
4633 * slow down processing of batched messages, and because we don't want
4634 * to report uncommitted updates (that confuses autovacuum). The
4635 * notification processor wants a call too, if we are not in a
4636 * transaction block.
4637 *
4638 * Also, if an idle timeout is enabled, start the timer for that.
4639 */
4641 {
4643 {
4647 /* Start the idle-in-transaction timer */
4650 {
4653 IdleInTransactionSessionTimeout);
4654 }
4655 }
4657 {
4661 /* Start the idle-in-transaction timer */
4664 {
4667 IdleInTransactionSessionTimeout);
4668 }
4669 }
4670 else
4671 {
4674 /*
4675 * Process incoming notifies (including self-notifies), if
4676 * any, and send relevant messages to the client. Doing it
4677 * here helps ensure stable behavior in tests: if any notifies
4678 * were received during the just-finished transaction, they'll
4679 * be seen by the client before ReadyForQuery is.
4680 */
4684 /*
4685 * Check if we need to report stats. If pgstat_report_stat()
4686 * decides it's too soon to flush out pending stats / lock
4687 * contention prevented reporting, it'll tell us when we
4688 * should try to report stats again (so that stats updates
4689 * aren't unduly delayed if the connection goes idle for a
4690 * long time). We only enable the timeout if we don't already
4691 * have a timeout in progress, because we don't disable the
4692 * timeout below. enable_timeout_after() needs to determine
4693 * the current timestamp, which can have a negative
4694 * performance impact. That's OK because pgstat_report_stat()
4695 * won't have us wake up sooner than a prior call.
4696 */
4699 {
4702 stats_timeout);
4703 }
4704 else
4705 {
4706 /* all stats flushed, no need for the timeout */
4709 }
4714 /* Start the idle-session timer */
4716 {
4719 IdleSessionTimeout);
4720 }
4721 }
4723 /* Report any recently-changed GUC options */
4728 }
4730 /*
4731 * (2) Allow asynchronous signals to be executed immediately if they
4732 * come in while we are waiting for client input. (This must be
4733 * conditional since we don't want, say, reads on behalf of COPY FROM
4734 * STDIN doing the same thing.)
4735 */
4738 /*
4739 * (3) read a command (loop blocks here)
4740 */
4743 /*
4744 * (4) turn off the idle-in-transaction and idle-session timeouts if
4745 * active. We do this before step (5) so that any last-moment timeout
4746 * is certain to be detected in step (5).
4747 *
4748 * At most one of these timeouts will be active, so there's no need to
4749 * worry about combining the timeout.c calls into one.
4750 */
4752 {
4755 }
4757 {
4760 }
4762 /*
4763 * (5) disable async signal conditions again.
4764 *
4765 * Query cancel is supposed to be a no-op when there is no query in
4766 * progress, so if a query cancel arrived while we were idle, just
4767 * reset QueryCancelPending. ProcessInterrupts() has that effect when
4768 * it's called when DoingCommandRead is set, so check for interrupts
4769 * before resetting DoingCommandRead.
4770 */
4774 /*
4775 * (6) check for any other interesting events that happened while we
4776 * slept.
4777 */
4779 {
4782 }
4784 /*
4785 * (7) process the command. But ignore it if we're skipping till
4786 * Sync.
4787 */
4792 {
4794 {
4797 /* Set statement_timestamp() */
4804 {
4807 }
4808 else
4814 }
4818 {
4826 /* Set statement_timestamp() */
4833 {
4837 }
4844 }
4850 /* Set statement_timestamp() */
4853 /*
4854 * this message is complex enough that it seems best to put
4855 * the field extraction out-of-line
4856 */
4859 /* exec_bind_message does valgrind_report_error_query */
4863 {
4869 /* Set statement_timestamp() */
4878 /* exec_execute_message does valgrind_report_error_query */
4879 }
4885 /* Set statement_timestamp() */
4888 /* Report query to various monitoring facilities. */
4892 /* start an xact for this function invocation */
4895 /*
4896 * Note: we may at this point be inside an aborted
4897 * transaction. We can't throw error for that until we've
4898 * finished reading the function-call message, so
4899 * HandleFunctionRequest() must check for it after doing so.
4900 * Be careful not to do anything that assumes we're inside a
4901 * valid transaction here.
4902 */
4904 /* switch back to message context */
4909 /* commit the function-invocation transaction */
4918 {
4929 {
4933 else
4934 {
4935 /* special-case the unnamed statement */
4937 }
4940 {
4941 Portal portal;
4946 }
4952 close_type)));
4954 }
4960 }
4964 {
4970 /* Set statement_timestamp() (needed for xact) */
4978 {
4989 describe_type)));
4991 }
4994 }
5006 /*
5007 * If pipelining was used, we may be in an implicit
5008 * transaction block. Close it before calling
5009 * finish_xact_command.
5010 */
5017 /*
5018 * 'X' means that the frontend is closing down the socket. EOF
5019 * means unexpected loss of frontend connection. Either way,
5020 * perform normal shutdown.
5021 */
5024 /* for the cumulative statistics system */
5027 /* FALLTHROUGH */
5031 /*
5032 * Reset whereToSendOutput to prevent ereport from attempting
5033 * to send any more messages to client.
5034 */
5038 /*
5039 * NOTE: if you are tempted to add more code here, DON'T!
5040 * Whatever you had in mind to do should be set up as an
5041 * on_proc_exit or on_shmem_exit callback, instead. Otherwise
5042 * it will fail to be called during other backend-shutdown
5043 * scenarios.
5044 */
5051 /*
5052 * Accept but ignore these messages, per protocol spec; we
5053 * probably got here because a COPY failed, and the frontend
5054 * is still sending data.
5055 */
5062 firstchar)));
5063 }
5065 }
5067 /*
5068 * Throw an error if we're a WAL sender process.
5069 *
5070 * This is used to forbid anything else than simple query protocol messages
5071 * in a WAL sender process. 'firstchar' specifies what kind of a forbidden
5072 * message was received, and is used to construct the error message.
5073 */
5074 static void
5076 {
5078 {
5083 else
5087 }
5088 }
5091 /*
5092 * Obtain platform stack depth limit (in bytes)
5093 *
5094 * Return -1 if unknown
5095 */
5096 long
5098 {
5099 #if defined(HAVE_GETRLIMIT)
5102 /* This won't change after process launch, so check just once */
5104 {
5111 /* rlim_cur is probably of an unsigned type, so check for overflow */
5114 else
5116 }
5118 #else
5119 /* On Windows we set the backend stack size in src/backend/Makefile */
5121 #endif
5122 }
5128 void
5130 {
5133 }
5135 void
5137 {
5138 StringInfoData str;
5140 sys;
5149 {
5152 }
5154 {
5157 }
5159 {
5162 }
5164 /*
5165 * The only stats we don't show here are ixrss, idrss, isrss. It takes
5166 * some work to interpret them, and most platforms don't fill them in.
5167 */
5185 #ifndef WIN32
5187 /*
5188 * The following rusage fields are not defined by POSIX, but they're
5189 * present on all current Unix-like systems so we use them without any
5190 * special checks. Some of these could be provided in our Windows
5191 * emulation in src/port/win32getrusage.c with more work.
5192 */
5195 #if defined(__darwin__)
5196 /* in bytes on macOS */
5198 #else
5199 /* in kilobytes on most other platforms */
5200 r.ru_maxrss
5201 #endif
5202 );
5206 /* they only drink coffee at dec */
5230 /* remove trailing newline */
5239 }
5241 /*
5242 * on_proc_exit handler to log end of session
5243 */
5244 static void
5246 {
5252 minutes,
5253 seconds;
5271 }
5273 /*
5274 * Start statement timeout timer, if enabled.
5275 *
5276 * If there's already a timeout running, don't restart the timer. That
5277 * enables compromises between accuracy of timeouts and cost of starting a
5278 * timeout.
5279 */
5280 static void
5282 {
5283 /* must be within an xact */
5288 {
5291 }
5292 else
5293 {
5296 }
5297 }
5299 /*
5300 * Disable statement timeout, if active.
5301 */
5302 static void
5304 {
5307 }