Re: SQL/JSON features for v15 - Mailing list pgsql-hackers

From Andres Freund
Subject Re: SQL/JSON features for v15
Date
Msg-id 20220816010421.dhqpuv7e33zorspa@awork3.anarazel.de
Whole thread Raw
In response to Re: SQL/JSON features for v15  (Andres Freund <andres@anarazel.de>)
List pgsql-hackers
Hi,

On 2022-08-15 15:38:53 -0700, Andres Freund wrote:
> Next question:
> 
>     /*
>      * We should catch exceptions of category ERRCODE_DATA_EXCEPTION and
>      * execute the corresponding ON ERROR behavior then.
>      */
>     oldcontext = CurrentMemoryContext;
>     oldowner = CurrentResourceOwner;
> 
>     Assert(error);
> 
>     BeginInternalSubTransaction(NULL);
>     /* Want to execute expressions inside function's memory context */
>     MemoryContextSwitchTo(oldcontext);
> 
>     PG_TRY();
>     {
>         res = func(op, econtext, res, resnull, p, error);
> 
>         /* Commit the inner transaction, return to outer xact context */
>         ReleaseCurrentSubTransaction();
>         MemoryContextSwitchTo(oldcontext);
>         CurrentResourceOwner = oldowner;
>     }
>     PG_CATCH();
>     {
>         ErrorData  *edata;
>         int            ecategory;
> 
>         /* Save error info in oldcontext */
>         MemoryContextSwitchTo(oldcontext);
>         edata = CopyErrorData();
>         FlushErrorState();
> 
>         /* Abort the inner transaction */
>         RollbackAndReleaseCurrentSubTransaction();
>         MemoryContextSwitchTo(oldcontext);
>         CurrentResourceOwner = oldowner;
> 
> 
> Two points:
> 
> 1) I suspect it's not safe to switch to oldcontext before calling func().
> 
> On error we'll have leaked memory into oldcontext and we'll just continue
> on. It might not be very consequential here, because the calling context
> presumably isn't very long lived, but that's probably not something we should
> rely on.
> 
> Also, are we sure that the context will be in a clean state when it's used
> within an erroring subtransaction?
> 
> 
> I think the right thing here would be to stay in the subtransaction context
> and then copy the datum out to the surrounding context in the success case.
> 
> 
> 2) If there was an out-of-memory error, it'll have been in oldcontext. So
> switching back to it before calling CopyErrorData() doesn't seem good - we'll
> just hit OOM issues again.
> 
> 
> I realize that both of these issues are present in plenty other code (see
> e.g. plperl_spi_exec()). So I'm curious why they are ok?

Certainly seems to be missing a FreeErrorData() for the happy path?


It'd be nicer if we didn't copy the error. In the case we rethrow we don't
need it, because we can just PG_RE_THROW(). And in the other path we just want
to get the error code. It just risks additional errors to CopyErrorData(). But
it's not entirely obvious that geterrcode() is intended for this:

 * This is only intended for use in error callback subroutines, since there
 * is no other place outside elog.c where the concept is meaningful.
 */

a PG_CATCH() block isn't really an error callback subroutine. But it should be
fine.

Greetings,

Andres Freund



pgsql-hackers by date:

Previous
From: Thomas Munro
Date:
Subject: Re: Cleaning up historical portability baggage
Next
From: Andres Freund
Date:
Subject: Re: Cleaning up historical portability baggage