Thread: More vacuum.c refactoring

More vacuum.c refactoring

From
Manfred Koizar
Date:
Near the end of repair_frag() in vacuum.c -- under the comment /* clean
moved tuples from last page in Nvacpagelist list */ -- there is code
that marks itemids as unused.  Itemids affected are those referring to
tuples that have been moved off the last page.

This code is very similar to vacuum_page().  The major difference is
that vacuum_page() uses vacpage->offsets while the code in repair_frag()
looks for MOVED_OFF bits in tuple headers.  AFAICS the tuples with the
MOVED_OFF bit set are exactly those referenced by vacpage->offsets.

The attached patch passes make check and make installcheck.  Please
apply unless I'm missing something.

Servus
 Manfred
diff -Ncr ../base/src/backend/commands/vacuum.c src/backend/commands/vacuum.c
*** ../base/src/backend/commands/vacuum.c    Wed Jun  2 21:46:59 2004
--- src/backend/commands/vacuum.c    Thu Jun 10 18:50:26 2004
***************
*** 2288,2355 ****
              vacpage->offsets_free > 0)
          {
              Buffer            buf;
-             Page            page;
-             OffsetNumber    unused[BLCKSZ / sizeof(OffsetNumber)];
-             OffsetNumber    offnum,
-                             maxoff;
-             int                uncnt;
-             int                num_tuples = 0;

              buf = ReadBuffer(onerel, vacpage->blkno);
              LockBuffer(buf, BUFFER_LOCK_EXCLUSIVE);
!             page = BufferGetPage(buf);
!             maxoff = PageGetMaxOffsetNumber(page);
!             for (offnum = FirstOffsetNumber;
!                  offnum <= maxoff;
!                  offnum = OffsetNumberNext(offnum))
!             {
!                 ItemId    itemid = PageGetItemId(page, offnum);
!                 HeapTupleHeader htup;
!
!                 if (!ItemIdIsUsed(itemid))
!                     continue;
!                 htup = (HeapTupleHeader) PageGetItem(page, itemid);
!                 if (htup->t_infomask & HEAP_XMIN_COMMITTED)
!                     continue;
!
!                 /*
!                 ** See comments in the walk-along-page loop above, why we
!                 ** have Asserts here instead of if (...) elog(ERROR).
!                 */
!                 Assert(!(htup->t_infomask & HEAP_MOVED_IN));
!                 Assert(htup->t_infomask & HEAP_MOVED_OFF);
!                 Assert(HeapTupleHeaderGetXvac(htup) == myXID);
!
!                 itemid->lp_flags &= ~LP_USED;
!                 num_tuples++;
!
!             }
!             Assert(vacpage->offsets_free == num_tuples);
!
!             START_CRIT_SECTION();
!
!             uncnt = PageRepairFragmentation(page, unused);
!
!             /* XLOG stuff */
!             if (!onerel->rd_istemp)
!             {
!                 XLogRecPtr    recptr;
!
!                 recptr = log_heap_clean(onerel, buf, unused, uncnt);
!                 PageSetLSN(page, recptr);
!                 PageSetSUI(page, ThisStartUpID);
!             }
!             else
!             {
!                 /*
!                  * No XLOG record, but still need to flag that XID exists
!                  * on disk
!                  */
!                 MyXactMadeTempRelUpdate = true;
!             }
!
!             END_CRIT_SECTION();
!
              LockBuffer(buf, BUFFER_LOCK_UNLOCK);
              WriteBuffer(buf);
          }
--- 2288,2297 ----
              vacpage->offsets_free > 0)
          {
              Buffer            buf;

              buf = ReadBuffer(onerel, vacpage->blkno);
              LockBuffer(buf, BUFFER_LOCK_EXCLUSIVE);
!             vacuum_page(onerel, buf, vacpage);
              LockBuffer(buf, BUFFER_LOCK_UNLOCK);
              WriteBuffer(buf);
          }

Re: More vacuum.c refactoring

From
Tom Lane
Date:
Manfred Koizar <mkoi-pg@aon.at> writes:
> This code is very similar to vacuum_page().  The major difference is
> that vacuum_page() uses vacpage->offsets while the code in repair_frag()
> looks for MOVED_OFF bits in tuple headers.  AFAICS the tuples with the
> MOVED_OFF bit set are exactly those referenced by vacpage->offsets.

This does not make me comfortable.  You *think* that two different bits
of code are doing the same thing, so you want to hack up vacuum.c?  This
module is delicate code --- we've had tons of bugs there in the past
--- and no I have zero confidence that passing the regression tests
proves anything, because all those prior bugs passed the regression
tests.
        regards, tom lane


Re: More vacuum.c refactoring

From
Manfred Koizar
Date:
On Thu, 10 Jun 2004 17:19:22 -0400, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>This does not make me comfortable.

I understand you, honestly.  Do I read between your lines that you
didn't review my previous vacuum.c refactoring patch?  Please do.  It'd
make *me* more comfortable.

>  You *think* that two different bits of code are doing the same thing,

I see three significant differences between the code in repair_frag()
and vacuum_page().

1) vacuum_page() hasAssert(vacpage->offsets_used == 0);

vacpage is the last VacPage that has been inserted into Nvacpagelist.
It is allocated in line 1566, offsets_used is immediately set to 0 and
never changed.  So this Assert(...) doesn't hurt.

2) In vacuum_page() the lp_flags are set inside a critical section.

This is no problem because the clear-used-flags loop does not
elog(ERROR, ...).  Please correct me if I'm wrong.

3) vacuum_page() uses vacpage->offsets to locate the itemids that are to
be updated.

If we can show that these are the same itemids that belong to the tuples
that are found by inspecting the tuple headers, then the two code
snippets are equivalent.  The first hint that this is the case isAssert(vacpage->offsets_free == num_tuples);

So both spots expect to update the same number of itemids.  What about
the contents of the offsets[] array?  Offset numbers are entered into
this array by statements like
vacpage->offsets[vacpage->offsets_free++] = offnum;

in or immediately after the walk-along-page loop.  These assignments are
preceded either by code that sets the appropriate infomask bits or by
assertions that the bits are already set appropriately.

The rest (from PageRepairFragmentation to END_CRIT_SECTION) is
identical.

> so you want to hack up vacuum.c?  This
>module is delicate code --- we've had tons of bugs there in the past

But why is it so delicate?  Not only because it handles difficult
problems, but also because it is written in a not very
maintenance-friendly way.  Before I started refactoring the code
repair_frag() had more than 1100 lines and (almost) all variables used
anywhere in the function were declared at function level.

We cannot declare a code freeze for a module just because it is so badly
written that every change is likely to break it.  Someday someone will
*have* to change it.

Better we break it today in an effort to make the code clearer.  

>--- and no I have zero confidence that passing the regression tests
>proves anything

Unfortunately you are right :-(

ServusManfred


Re: More vacuum.c refactoring

From
Alvaro Herrera
Date:
On Fri, Jun 11, 2004 at 02:00:07AM +0200, Manfred Koizar wrote:

If I may ...

> > so you want to hack up vacuum.c?  This
> >module is delicate code --- we've had tons of bugs there in the past
> 
> But why is it so delicate?  Not only because it handles difficult
> problems, but also because it is written in a not very
> maintenance-friendly way.  Before I started refactoring the code
> repair_frag() had more than 1100 lines and (almost) all variables used
> anywhere in the function were declared at function level.

I agree.  This code is horrid.  I also agree with Tom in that this
should be done with extreme caution, but it is a needed task.

Maybe we could establish heavier testing for this kind of change so
potential patches can be tested extensively.  Concurrent vacuums with
all kinds of imaginable operations (insert, updates, deletes), in tight
loops, could be a start.

-- 
Alvaro Herrera (<alvherre[a]dcc.uchile.cl>)
"No es bueno caminar con un hombre muerto"



Re: More vacuum.c refactoring

From
Tom Lane
Date:
Manfred Koizar <mkoi-pg@aon.at> writes:
> I understand you, honestly.  Do I read between your lines that you
> didn't review my previous vacuum.c refactoring patch?  Please do.  It'd
> make *me* more comfortable.

I did not yet, but I will get to it.  I encourage everyone else to
take a look too.  I agree with Alvaro that fooling with this code
merits extreme caution.

BTW, I do not at all mean to suggest that vacuum.c contains no bugs
at the moment ;-).  I suspect for example that it is a bit random
about whether MOVED_OFF/MOVED_IN bits get cleared immediately, or
only by the next transaction that chances to visit the tuple.  The
next-transaction-fixup behavior has to be there in case the VACUUM
transaction crashes, but that doesn't mean that VACUUM should
deliberately leave work undone.

> I see three significant differences between the code in repair_frag()
> and vacuum_page().

Will study these comments later, but it's too late at night here...
again, the more eyeballs on this the better...
        regards, tom lane


Re: More vacuum.c refactoring

From
Tom Lane
Date:
Alvaro Herrera <alvherre@dcc.uchile.cl> writes:
> Maybe we could establish heavier testing for this kind of change so
> potential patches can be tested extensively.  Concurrent vacuums with
> all kinds of imaginable operations (insert, updates, deletes), in tight
> loops, could be a start.

VACUUM FULL takes an exclusive lock, so it should not have to worry
about concurrent operations on the table.  What we have to think about
is the initial states it can see.
        regards, tom lane


Re: More vacuum.c refactoring

From
Bruce Momjian
Date:
Where are we on this?

---------------------------------------------------------------------------

Tom Lane wrote:
> Manfred Koizar <mkoi-pg@aon.at> writes:
> > I understand you, honestly.  Do I read between your lines that you
> > didn't review my previous vacuum.c refactoring patch?  Please do.  It'd
> > make *me* more comfortable.
> 
> I did not yet, but I will get to it.  I encourage everyone else to
> take a look too.  I agree with Alvaro that fooling with this code
> merits extreme caution.
> 
> BTW, I do not at all mean to suggest that vacuum.c contains no bugs
> at the moment ;-).  I suspect for example that it is a bit random
> about whether MOVED_OFF/MOVED_IN bits get cleared immediately, or
> only by the next transaction that chances to visit the tuple.  The
> next-transaction-fixup behavior has to be there in case the VACUUM
> transaction crashes, but that doesn't mean that VACUUM should
> deliberately leave work undone.
> 
> > I see three significant differences between the code in repair_frag()
> > and vacuum_page().
> 
> Will study these comments later, but it's too late at night here...
> again, the more eyeballs on this the better...
> 
>             regards, tom lane
> 
> ---------------------------(end of broadcast)---------------------------
> TIP 3: if posting/reading through Usenet, please send an appropriate
>       subscribe-nomail command to majordomo@postgresql.org so that your
>       message can get through to the mailing list cleanly
> 

--  Bruce Momjian                        |  http://candle.pha.pa.us pgman@candle.pha.pa.us               |  (610)
359-1001+  If your life is a hard drive,     |  13 Roberts Road +  Christ can be your backup.        |  Newtown Square,
Pennsylvania19073
 


Re: More vacuum.c refactoring

From
Bruce Momjian
Date:
Where are we on this, 2x.  :-)

---------------------------------------------------------------------------

Bruce Momjian wrote:
> 
> Where are we on this?
> 
> ---------------------------------------------------------------------------
> 
> Tom Lane wrote:
> > Manfred Koizar <mkoi-pg@aon.at> writes:
> > > I understand you, honestly.  Do I read between your lines that you
> > > didn't review my previous vacuum.c refactoring patch?  Please do.  It'd
> > > make *me* more comfortable.
> > 
> > I did not yet, but I will get to it.  I encourage everyone else to
> > take a look too.  I agree with Alvaro that fooling with this code
> > merits extreme caution.
> > 
> > BTW, I do not at all mean to suggest that vacuum.c contains no bugs
> > at the moment ;-).  I suspect for example that it is a bit random
> > about whether MOVED_OFF/MOVED_IN bits get cleared immediately, or
> > only by the next transaction that chances to visit the tuple.  The
> > next-transaction-fixup behavior has to be there in case the VACUUM
> > transaction crashes, but that doesn't mean that VACUUM should
> > deliberately leave work undone.
> > 
> > > I see three significant differences between the code in repair_frag()
> > > and vacuum_page().
> > 
> > Will study these comments later, but it's too late at night here...
> > again, the more eyeballs on this the better...
> > 
> >             regards, tom lane
> > 
> > ---------------------------(end of broadcast)---------------------------
> > TIP 3: if posting/reading through Usenet, please send an appropriate
> >       subscribe-nomail command to majordomo@postgresql.org so that your
> >       message can get through to the mailing list cleanly
> > 
> 
> -- 
>   Bruce Momjian                        |  http://candle.pha.pa.us
>   pgman@candle.pha.pa.us               |  (610) 359-1001
>   +  If your life is a hard drive,     |  13 Roberts Road
>   +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073
> 
> ---------------------------(end of broadcast)---------------------------
> TIP 2: you can get off all lists at once with the unregister command
>     (send "unregister YourEmailAddressHere" to majordomo@postgresql.org)
> 

--  Bruce Momjian                        |  http://candle.pha.pa.us pgman@candle.pha.pa.us               |  (610)
359-1001+  If your life is a hard drive,     |  13 Roberts Road +  Christ can be your backup.        |  Newtown Square,
Pennsylvania19073
 


Re: More vacuum.c refactoring

From
Manfred Koizar
Date:
[Sorry for the late reply.  I'm still struggling to catch up after
vacation ...]

On Fri, 9 Jul 2004 21:29:52 -0400 (EDT), Bruce Momjian
<pgman@candle.pha.pa.us> wrote:
>
>Where are we on this, 2x.  :-)

Here:
>> Tom Lane wrote:
>> > Will study these comments later, but it's too late at night here...

ServusManfred


Re: More vacuum.c refactoring

From
Tom Lane
Date:
Manfred Koizar <mkoi-pg@aon.at> writes:
> On Fri, 9 Jul 2004 21:29:52 -0400 (EDT), Bruce Momjian
> <pgman@candle.pha.pa.us> wrote:
>> 
>> Where are we on this, 2x.  :-)

> Here:
> Tom Lane wrote:
> Will study these comments later, but it's too late at night here...

I haven't had time to review the original, already-applied refactoring,
let alone the follow-up.  Considering that there's been at least one bug
report against the original (unused variable IIRC), I think it does need
reviewing.
        regards, tom lane


Re: Refactoring

From
Manfred Koizar
Date:
[Sorry, Neil, for abusing your thread.  Moving this discussion back to
where it belongs.]

On Tue, 18 Jan 2005 13:17:17 -0300, Alvaro Herrera
<alvherre@dcc.uchile.cl> wrote:
>Hmm.  I think this is a good idea on principle, but what happens in case
>a previous vacuum was interrupted?  Is there a possibility that tuples
>belonging to that vacuum are still marked MOVED_OFF but are not in
>vacpage->offsets, for example?

These bits are handled by an earlier phase of VACUUM, by
HeapTupleSatisfiesVacuum() in scan_heap().  My first vacuum.c
refactoring patch, rev 1.281 2004-06-08, added these comments in
repair_frag():

/** VACUUM FULL has an exclusive lock on the relation.  So* normally no other transaction can have pending INSERTs or*
DELETEsin this relation.  A tuple is either*   (a) a tuple in a system catalog, inserted or deleted by*       a not yet
committedtransaction or*   (b) dead (XMIN_INVALID or XMAX_COMMITTED) or*   (c) inserted by a committed xact
(XMIN_COMMITTED)or*   (d) moved by the currently running VACUUM.* In case (a) we wouldn't be in repair_frag() at all.*
Incase (b) we cannot be here, because scan_heap() has* already marked the item as unused, see continue above.* Case (c)
iswhat normally is to be expected.* Case (d) is only possible, if a whole tuple chain has been* moved while processing
thisor a higher numbered block.*/
 

/** There cannot be another concurrently running VACUUM.  If* the tuple had been moved in by a previous VACUUM, the*
visibilitycheck would have set XMIN_COMMITTED.  If the* tuple had been moved in by the currently running VACUUM,* the
loopwould have been terminated.  We had* elog(ERROR, ...) here, but as we are testing for a* can't-happen condition,
Assert()seems more appropriate.*/
 

/** MOVED_OFF by another VACUUM would have caused the* visibility check to set XMIN_COMMITTED or XMIN_INVALID.*/

This should answer your question, unless the comments are wrong.  (BTW
parts of that patch have been backed out by someone, so you won't find
the second comment in current sources.)

As for the problem whether the two code paths deal with the same set of
tuples, read
http://archives.postgresql.org/pgsql-hackers/2004-06/msg00410.php:

| [...] These assignments are
| preceded either by code that sets the appropriate infomask bits or by
| assertions that the bits are already set appropriately.

ServusManfred


Re: Refactoring

From
Manfred Koizar
Date:
On Wed, 19 Jan 2005 18:57:48 +0100, I wrote:
>  My first vacuum.c
>refactoring patch, rev 1.281 2004-06-08, added these comments in
>repair_frag():
>
>/*
> * VACUUM FULL has an exclusive lock on the relation.  So
> * normally no other transaction can have pending INSERTs or
> * DELETEs in this relation.  A tuple is either
> *   (a) a tuple in a system catalog, inserted or deleted by
> *       a not yet committed transaction or
> *   (b) dead (XMIN_INVALID or XMAX_COMMITTED) or
> *   (c) inserted by a committed xact (XMIN_COMMITTED) or
> *   (d) moved by the currently running VACUUM.
> * In case (a) we wouldn't be in repair_frag() at all.
> * In case (b) we cannot be here, because scan_heap() has
> * already marked the item as unused, see continue above.
> * Case (c) is what normally is to be expected.
> * Case (d) is only possible, if a whole tuple chain has been
> * moved while processing this or a higher numbered block.
> */

It turns out that this comment is not quite correct.  It is incomplete.
Case (b) should be: known dead (XMIN_INVALID, or XMAX_COMMITTED and xmax
is visible to all active transactions).

And there is a fifth possibility: (e) deleted (XMAX_COMMITTED) but at
least one active transaction does not see the deleting transaction.

The patch seems to imply that case (e) is a subcase of (b), but
effectively tuples in this state are treated more like (c).

ServusManfred


Re: Refactoring

From
Bruce Momjian
Date:
Manfred Koizar wrote:
> On Wed, 19 Jan 2005 18:57:48 +0100, I wrote:
> >  My first vacuum.c
> >refactoring patch, rev 1.281 2004-06-08, added these comments in
> >repair_frag():
> >
> >/*
> > * VACUUM FULL has an exclusive lock on the relation.  So
> > * normally no other transaction can have pending INSERTs or
> > * DELETEs in this relation.  A tuple is either
> > *   (a) a tuple in a system catalog, inserted or deleted by
> > *       a not yet committed transaction or
> > *   (b) dead (XMIN_INVALID or XMAX_COMMITTED) or
> > *   (c) inserted by a committed xact (XMIN_COMMITTED) or
> > *   (d) moved by the currently running VACUUM.
> > * In case (a) we wouldn't be in repair_frag() at all.
> > * In case (b) we cannot be here, because scan_heap() has
> > * already marked the item as unused, see continue above.
> > * Case (c) is what normally is to be expected.
> > * Case (d) is only possible, if a whole tuple chain has been
> > * moved while processing this or a higher numbered block.
> > */
> 
> It turns out that this comment is not quite correct.  It is incomplete.
> Case (b) should be: known dead (XMIN_INVALID, or XMAX_COMMITTED and xmax
> is visible to all active transactions).
> 
> And there is a fifth possibility: (e) deleted (XMAX_COMMITTED) but at
> least one active transaction does not see the deleting transaction.
> 
> The patch seems to imply that case (e) is a subcase of (b), but
> effectively tuples in this state are treated more like (c).

OK, comment updated to:
           /* ---            * VACUUM FULL has an exclusive lock on the relation.  So            * normally no other
transactioncan have pending INSERTs or            * DELETEs in this relation.  A tuple is either:            *      (a)
atuple in a system catalog, inserted or deleted            *          by a not yet committed transaction            *
  (b) known dead (XMIN_INVALID, or XMAX_COMMITTED and xmax            *          is visible to all active transactions)
          *      (c) inserted by a committed xact (XMIN_COMMITTED)            *      (d) moved by the currently running
VACUUM.           *      (e) deleted (XMAX_COMMITTED) but at least one active            *          transaction does
notsee the deleting transaction            * In case (a) we wouldn't be in repair_frag() at all.            * In case
(b)we cannot be here, because scan_heap() has            * already marked the item as unused, see continue above. Case
         * (c) is what normally is to be expected. Case (d) is only            * possible, if a whole tuple chain has
beenmoved while            * processing this or a higher numbered block.            * ---            */
 

--  Bruce Momjian                        |  http://candle.pha.pa.us pgman@candle.pha.pa.us               |  (610)
359-1001+  If your life is a hard drive,     |  13 Roberts Road +  Christ can be your backup.        |  Newtown Square,
Pennsylvania19073