On Tue, 7 May 2024 at 17:28, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> What I'm trying to figure out here is whether we have a live bug
> in this area in released branches; and if so, why we've not seen
> reports of that.

We could check what portions of REALLOCATE_BITMAPSETS are backpatchable. It may not be applicable very far back because of v16's 00b41463c. The bms_del_member() would have left a zero set rather than doing bms_free() prior to that commit. There could be a bug in v16.
I also think there might be a bug in v16, as long as 'sjinfo->syn_lefthand' and 'rinfo->outer_relids' are referencing the same bitmapset and the content of this bitmapset is altered through 'sjinfo->syn_lefthand' without 'rinfo->outer_relids' being aware of these changes. I tried to compose a query that can trigger this bug, but failed.
Another thing that comes to my mind is that this issue shows that RestrictInfo.outer_relids could contain references to removed rels and joins, and RestrictInfo.outer_relids could be referenced after the removal of useless left joins. Currently we do not have a mechanism to clean out the bits in outer_relids during outer join removal. That is to say, RestrictInfo.outer_relids might be referenced while including rels that should have been removed. I'm not sure if this is a problem.
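
The aliasing hazard discussed above, as an added example that is not part of the original message and is not PostgreSQL code: a toy one-word set (`ToySet`, `toy_del_member` and `remove_rel` are hypothetical names) models two holders of one set. It shows the shared set being silently emptied when deletion leaves a zero set, becoming a dangling pointer when deletion frees the emptied set, and staying intact when the second holder copies first.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Toy one-word set: a constructed model, not PostgreSQL's Bitmapset. */
typedef struct ToySet { uint64_t bits; } ToySet;

enum { INTACT = 0, SILENTLY_CHANGED = 1, DANGLING = 2 };

static ToySet *toy_make(uint64_t bits) {
    ToySet *s = malloc(sizeof *s);
    if (s == NULL) abort();
    s->bits = bits;
    return s;
}

/* Delete member m in place. free_when_empty=1 models freeing an emptied set
 * and returning NULL; 0 models leaving a zero set behind. */
static ToySet *toy_del_member(ToySet *s, int m, int free_when_empty) {
    if (s == NULL) return NULL;
    s->bits &= ~(UINT64_C(1) << m);
    if (s->bits == 0 && free_when_empty) { free(s); return NULL; }
    return s;
}

/* lefthand and outer stand in for sjinfo->syn_lefthand and
 * rinfo->outer_relids. share=1 aliases them; share=0 copies first. */
static int remove_rel(int share, int free_when_empty) {
    ToySet *lefthand = toy_make(UINT64_C(1) << 2);   /* the set {2} */
    ToySet *outer = share ? lefthand : toy_make(lefthand->bits);
    uint64_t before = outer->bits;
    int result;

    lefthand = toy_del_member(lefthand, 2, free_when_empty);
    if (share && lefthand == NULL)
        result = DANGLING;       /* outer now points at freed memory: never read it */
    else
        result = (outer->bits != before) ? SILENTLY_CHANGED : INTACT;

    if (!share) free(outer);
    free(lefthand);              /* free(NULL) is a no-op */
    return result;
}

int main(void) {
    printf("alias, zero set left: %d\n", remove_rel(1, 0));
    printf("alias, freed:         %d\n", remove_rel(1, 1));
    printf("copy,  freed:         %d\n", remove_rel(0, 1));
    return 0;
}
```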