Thread: pg_filedump 9.3: checksums (and a few other fixes)

Attached is a first draft of an update to pg_filedump for 9.3. I know
pg_filedump is a pgfoundry project, but that seems like it's just there
to host the download; so please excuse the slightly off-topic post here
on -hackers.

I made a few changes to support 9.3, which were mostly fixes related two
things:

 * new htup_details.h and changes related to FK concurrency improvements
 * XLogRecPtr is now a uint64

And, of course, I added support for checksums. They are always displayed
and calculated, but it only throws an error if you pass "-k". Only the
user knows whether checksums are enabled, because we removed page-level
bits indicating the presence of a checksum.

The patch is a bit ugly: I had to copy some code, and copy the entire
checksum.c file (minus some Asserts, which don't work in an external
program). Suggestions welcome.

Regards,
    Jeff Davis

Jeff Davis wrote:

> --- 1000,1015 ----
>           strcat (flagString, "HASEXTERNAL|");
>         if (infoMask & HEAP_HASOID)
>           strcat (flagString, "HASOID|");
> +       if (infoMask & HEAP_XMAX_KEYSHR_LOCK)
> +         strcat (flagString, "XMAX_KEYSHR_LOCK|");
>         if (infoMask & HEAP_COMBOCID)
>           strcat (flagString, "COMBOCID|");
>         if (infoMask & HEAP_XMAX_EXCL_LOCK)
>           strcat (flagString, "XMAX_EXCL_LOCK|");
> !       if (infoMask & HEAP_XMAX_SHR_LOCK)
> !         strcat (flagString, "XMAX_SHR_LOCK|");
> !       if (infoMask & HEAP_XMAX_LOCK_ONLY)
> !         strcat (flagString, "XMAX_LOCK_ONLY|");
>         if (infoMask & HEAP_XMIN_COMMITTED)
>           strcat (flagString, "XMIN_COMMITTED|");
>         if (infoMask & HEAP_XMIN_INVALID)

Hm, note that XMAX_SHR_LOCK is two bits, so when that flag is present
you will get the three lock modes displayed with the above code, which is
probably going to be misleading.  htup_details.h does this:

/** Use these to test whether a particular lock is applied to a tuple*/
#define HEAP_XMAX_IS_SHR_LOCKED(infomask) \(((infomask) & HEAP_LOCK_MASK) == HEAP_XMAX_SHR_LOCK)
#define HEAP_XMAX_IS_EXCL_LOCKED(infomask) \(((infomask) & HEAP_LOCK_MASK) == HEAP_XMAX_EXCL_LOCK)
#define HEAP_XMAX_IS_KEYSHR_LOCKED(infomask) \(((infomask) & HEAP_LOCK_MASK) == HEAP_XMAX_KEYSHR_LOCK)

Presumably it'd be better to do something similar.

-- 
Álvaro Herrera                http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services

On Mon, 2013-06-10 at 01:28 -0400, Alvaro Herrera wrote:
> Hm, note that XMAX_SHR_LOCK is two bits, so when that flag is present
> you will get the three lock modes displayed with the above code, which is
> probably going to be misleading.  htup_details.h does this:
> 
> /*
>  * Use these to test whether a particular lock is applied to a tuple
>  */
> #define HEAP_XMAX_IS_SHR_LOCKED(infomask) \
>     (((infomask) & HEAP_LOCK_MASK) == HEAP_XMAX_SHR_LOCK)
> #define HEAP_XMAX_IS_EXCL_LOCKED(infomask) \
>     (((infomask) & HEAP_LOCK_MASK) == HEAP_XMAX_EXCL_LOCK)
> #define HEAP_XMAX_IS_KEYSHR_LOCKED(infomask) \
>     (((infomask) & HEAP_LOCK_MASK) == HEAP_XMAX_KEYSHR_LOCK)
> 
> Presumably it'd be better to do something similar.

I was hesitant to do too much interpretation of the bits. Do you think
it would be better to just remove the test for XMAX_SHR_LOCK?

Regards,Jeff Davis

Jeff Davis wrote:

> I was hesitant to do too much interpretation of the bits. Do you think
> it would be better to just remove the test for XMAX_SHR_LOCK?

I don't know, but then I'm biased because I know what that specific bit
combination means.  I guess someone that doesn't know is going to be
surprised by seeing both lock strength bits together .. but maybe
they're just going to have a look at htup_details.h and instantly
understand what's going on.  Not sure how likely that is.

-- 
Álvaro Herrera                http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services

Alvaro Herrera <alvherre@2ndquadrant.com> writes:
> Jeff Davis wrote:
>> I was hesitant to do too much interpretation of the bits. Do you think
>> it would be better to just remove the test for XMAX_SHR_LOCK?

> I don't know, but then I'm biased because I know what that specific bit
> combination means.  I guess someone that doesn't know is going to be
> surprised by seeing both lock strength bits together .. but maybe
> they're just going to have a look at htup_details.h and instantly
> understand what's going on.  Not sure how likely that is.

I think it's all right because there are only 4 combinations of the two
bits and all 4 will be printed sensibly if we do it this way.  It would
be bad if pg_filedump could print invalid flag combinations in a
misleading way --- but I don't see such a risk here.  So we might as
well go for readability.

The thing I'm not too happy about is having to copy the checksum code
into pg_filedump.  We just got rid of the need to do that for the CRC
code, and here it is coming back again.  Can't we rearrange the core
checksum code similarly to what we did for the CRC stuff recently,
so that you only need access to a .h file for it?
        regards, tom lane

On Mon, 2013-06-10 at 11:38 -0400, Tom Lane wrote:
> The thing I'm not too happy about is having to copy the checksum code
> into pg_filedump.  We just got rid of the need to do that for the CRC
> code, and here it is coming back again.  Can't we rearrange the core
> checksum code similarly to what we did for the CRC stuff recently,
> so that you only need access to a .h file for it?

The CRC implementation is entirely in header files. Do you think we need
to go that far, or is it fine to just put it in libpgport and link that
to pg_filedump?

Regards,Jeff Davis

Jeff Davis wrote:
> On Mon, 2013-06-10 at 11:38 -0400, Tom Lane wrote:
> > The thing I'm not too happy about is having to copy the checksum code
> > into pg_filedump.  We just got rid of the need to do that for the CRC
> > code, and here it is coming back again.  Can't we rearrange the core
> > checksum code similarly to what we did for the CRC stuff recently,
> > so that you only need access to a .h file for it?
> 
> The CRC implementation is entirely in header files. Do you think we need
> to go that far, or is it fine to just put it in libpgport and link that
> to pg_filedump?

If a lib is okay, use libpgcommon please, not libpgport.  But I think a
.h would be better, because there'd be no need to have a built source
tree to build pg_filedump, only the headers installed.

-- 
Álvaro Herrera                http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services

Alvaro Herrera <alvherre@2ndquadrant.com> writes:
> Jeff Davis wrote:
>> The CRC implementation is entirely in header files. Do you think we need
>> to go that far, or is it fine to just put it in libpgport and link that
>> to pg_filedump?

> If a lib is okay, use libpgcommon please, not libpgport.  But I think a
> .h would be better, because there'd be no need to have a built source
> tree to build pg_filedump, only the headers installed.

Neither lib would provide a useful solution so far as Red Hat's
packaging is concerned, because those libs are not exposed to other
packages (and never will be, unless we start supplying them as .so's)
        regards, tom lane

Jeff Davis <pgsql@j-davis.com> writes:
> The patch is a bit ugly: I had to copy some code, and copy the entire
> checksum.c file (minus some Asserts, which don't work in an external
> program). Suggestions welcome.

What I propose we do about this is reduce backend/storage/page/checksum.c
to something like

#include "postgres.h"
#include "storage/checksum.h"
#include "storage/checksum_impl.h"

moving all the code currently in the file into a new .h file.  Then,
any external programs such as pg_filedump can use the checksum code
by including checksum_impl.h.  This is essentially the same thing we
did with the CRC support functionality some time ago.

Also, we have the cut-point between checksum.c and bufpage.c at the
wrong place.  IMO we should move PageCalcChecksum16 in toto into
checksum.c (or really now into checksum_impl.h), because that and not
just checksum_block() is the functionality that is wanted.
        regards, tom lane

On Thu, 2013-06-13 at 20:09 -0400, Tom Lane wrote:
> What I propose we do about this is reduce backend/storage/page/checksum.c
> to something like
> 
> #include "postgres.h"
> #include "storage/checksum.h"
> #include "storage/checksum_impl.h"
> 
> moving all the code currently in the file into a new .h file.  Then,
> any external programs such as pg_filedump can use the checksum code
> by including checksum_impl.h.  This is essentially the same thing we
> did with the CRC support functionality some time ago.

Thank you for taking care of that. After seeing that it needed to be in
a header file, I was going to try doing it all as macros.

I have a question about the commit though: shouldn't both functions be
static if they are in a .h file? Otherwise, it could lead to naming
conflicts. I suppose it's wrong to include the implementation file
twice, but it still might be confusing if someone tries. Two ideas that
come to mind are: * make both static and then have a trivial wrapper in checksum.c * export one or both functions, but
use#ifndef CHECKSUM_IMPL_H to
 
prevent redefinition

> Also, we have the cut-point between checksum.c and bufpage.c at the
> wrong place.  IMO we should move PageCalcChecksum16 in toto into
> checksum.c (or really now into checksum_impl.h), because that and not
> just checksum_block() is the functionality that is wanted.

Agreed.

Regards,Jeff Davis

Jeff Davis <pgsql@j-davis.com> writes:
> I have a question about the commit though: shouldn't both functions be
> static if they are in a .h file? Otherwise, it could lead to naming
> conflicts. I suppose it's wrong to include the implementation file
> twice, but it still might be confusing if someone tries. Two ideas that
> come to mind are:
>   * make both static and then have a trivial wrapper in checksum.c
>   * export one or both functions, but use #ifndef CHECKSUM_IMPL_H to
> prevent redefinition

Ah, you are right, I forgot the #ifndef CHECKSUM_IMPL_H dance.  Will fix
in a bit.
        regards, tom lane

On 2013-06-14 11:59:04 -0400, Tom Lane wrote:
> Jeff Davis <pgsql@j-davis.com> writes:
> > I have a question about the commit though: shouldn't both functions be
> > static if they are in a .h file? Otherwise, it could lead to naming
> > conflicts. I suppose it's wrong to include the implementation file
> > twice, but it still might be confusing if someone tries. Two ideas that
> > come to mind are:
> >   * make both static and then have a trivial wrapper in checksum.c
> >   * export one or both functions, but use #ifndef CHECKSUM_IMPL_H to
> > prevent redefinition
> 
> Ah, you are right, I forgot the #ifndef CHECKSUM_IMPL_H dance.  Will fix
> in a bit.

That won't help against errors if it's included in two different
files/translation units though. I don't really see a valid case where it
could be validly be included multiple times in one TU?
If anything we should #error in that case, but I am not sure it's worth
bothering.
E.g. in rmgrlist.h we have the following comment:
/* there is deliberately not an #ifndef RMGRLIST_H here */
and I think the reasoning behind that comment applies here as well.

Greetings,

Andres Freund

-- Andres Freund                       http://www.2ndQuadrant.com/PostgreSQL Development, 24x7 Support, Training &
Services

Andres Freund <andres@2ndquadrant.com> writes:
> On 2013-06-14 11:59:04 -0400, Tom Lane wrote:
>> Ah, you are right, I forgot the #ifndef CHECKSUM_IMPL_H dance.  Will fix
>> in a bit.

> That won't help against errors if it's included in two different
> files/translation units though.

Good point, but there's not any real reason to do that --- only
checksum.h should ever be #include'd in more than one file.  Any program
using this stuff is expected to #include checksum_impl.h in exactly one
place.  So maybe it's fine as-is.

> E.g. in rmgrlist.h we have the following comment:
> /* there is deliberately not an #ifndef RMGRLIST_H here */
> and I think the reasoning behind that comment applies here as well.

Well, that's a different case: there, and also in kwlist.h, there's an
idea that it could actually be useful to #include the file more than
once, redefining the PG_RMGR() macro each time.  There's no such use
case that I can see for checksum_impl.h.
        regards, tom lane

On Thu, 2013-06-13 at 20:09 -0400, Tom Lane wrote:
> What I propose we do about this is reduce backend/storage/page/checksum.c
> to something like
>
> #include "postgres.h"
> #include "storage/checksum.h"
> #include "storage/checksum_impl.h"

Attached a new diff for pg_filedump that makes use of the above change.

I'm not sure what the resolution of Alvaro's concern was, so I left the
flag reporting the same as the previous patch.

Regards,
    Jeff Davis

On Tue, Jun 18, 2013 at 12:42 PM, Jeff Davis <pgsql@j-davis.com> wrote:
> Attached a new diff for pg_filedump that makes use of the above change.
>
> I'm not sure what the resolution of Alvaro's concern was, so I left the
> flag reporting the same as the previous patch.

This patch is in the current CommitFest, does it still need to be
reviewed? If so, I notice that the version in pgfoundry's CVS is
rather different than the version the patch seems to have been built
against (presumably the pg_filedump-9.2.0.tar.gz release), and
conflicts in several places with cvs tip.

Also, would anyone be willing to convert this repository to git and
post it on github or similar? pgfoundry is becoming increasingly
difficult to use, for instance the 'Browse CVS Repository' link for
pg_filedump and other projects is broken[1] and apparently has been
for months[2], not to mention the general crumminess of using CVS [3].

Josh

[1] http://pgfoundry.org/scm/browser.php?group_id=1000541
[2] http://pgfoundry.org/forum/forum.php?thread_id=15554&forum_id=44&group_id=1000013
[3] Since the pgfoundry cvs server apparently doesn't support the 'ls'
command, you might need to know this to know which module name to
check out: cvs -d
:pserver:anonymous@cvs.pgfoundry.org:/cvsroot/pgfiledump checkout
pg_filedump

Josh Kupershmidt <schmiddy@gmail.com> writes:
> This patch is in the current CommitFest, does it still need to be
> reviewed? If so, I notice that the version in pgfoundry's CVS is
> rather different than the version the patch seems to have been built
> against (presumably the pg_filedump-9.2.0.tar.gz release), and
> conflicts in several places with cvs tip.

Yeah, I pushed some basic 9.3 compatibility fixes into pg_filedump CVS
a few weeks back.  If someone could rebase the patch against that,
I'd appreciate it.

> Also, would anyone be willing to convert this repository to git and
> post it on github or similar?

I know it's time to get off of pgfoundry, but doing so for pg_filedump
is way down the priority list ...
        regards, tom lane

On Mon, 2013-06-24 at 20:34 -0400, Josh Kupershmidt wrote:
> This patch is in the current CommitFest, does it still need to be
> reviewed? If so, I notice that the version in pgfoundry's CVS is
> rather different than the version the patch seems to have been built
> against (presumably the pg_filedump-9.2.0.tar.gz release), and
> conflicts in several places with cvs tip.

Oh, thank you. After browsing the CVS repo failed, I just made the diff
against 9.2.0. I'll rebase it.

Regards,Jeff Davis

On Mon, 2013-06-24 at 20:34 -0400, Josh Kupershmidt wrote:
> This patch is in the current CommitFest, does it still need to be
> reviewed? If so, I notice that the version in pgfoundry's CVS is
> rather different than the version the patch seems to have been built
> against (presumably the pg_filedump-9.2.0.tar.gz release), and
> conflicts in several places with cvs tip.

Rebased against CVS tip; attached.

> Also, would anyone be willing to convert this repository to git and
> post it on github or similar? pgfoundry is becoming increasingly
> difficult to use, for instance the 'Browse CVS Repository' link for
> pg_filedump and other projects is broken[1] and apparently has been
> for months[2], not to mention the general crumminess of using CVS [3].

Eventually, it would be nice to have a more full-featured offline
checker utility. Do we want to try to turn this utility into that, or
make a new one?

Regards,
    Jeff Davis

Jeff Davis <pgsql@j-davis.com> writes:
> On Mon, 2013-06-24 at 20:34 -0400, Josh Kupershmidt wrote:
>> This patch is in the current CommitFest, does it still need to be
>> reviewed? If so, I notice that the version in pgfoundry's CVS is
>> rather different than the version the patch seems to have been built
>> against (presumably the pg_filedump-9.2.0.tar.gz release), and
>> conflicts in several places with cvs tip.

> Rebased against CVS tip; attached.

Thanks.  I'm feeling pretty overworked these days but will try to push
this into pgfoundry in a timely fashion.

> Eventually, it would be nice to have a more full-featured offline
> checker utility. Do we want to try to turn this utility into that, or
> make a new one?

TBH, I've always been annoyed that pg_filedump is GPL and so there's no
way for us to just ship it in contrib.  (That stems from Red Hat
corporate policy of a dozen years ago, but the conflict is real anyway.)
If somebody is sufficiently excited about this topic to do something
that's largely new anyway, I'd be in favor of starting from scratch so
it could be put under the usual Postgres license.
        regards, tom lane

On Wed, Jun 26, 2013 at 8:27 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> TBH, I've always been annoyed that pg_filedump is GPL and so there's no
> way for us to just ship it in contrib.  (That stems from Red Hat
> corporate policy of a dozen years ago, but the conflict is real anyway.)
> If somebody is sufficiently excited about this topic to do something
> that's largely new anyway, I'd be in favor of starting from scratch so
> it could be put under the usual Postgres license.

Heroku are interested in online verification of basebackups (i.e.
using checksums to verify the integrity of heap files as they are
backed up, with a view to relying less and less on logical backups). I
am very glad that you made the page checksums stuff available to
external utilities in commit f04216341dd1cc235e975f93ac806d9d3729a344.

In the last couple of days, I haven't been able to figure out a way to
solve the problem of torn pages in a way that isn't a complete kludge
(with a hopefully-acceptable risk of false positives), so I've been
operating under the assumption that anything I produce here won't be
up to the standards of contrib. I had intended to release whatever
results as an open source project anyway. However, if we can figure
out a way to solve the torn pages problem, or at least produce
something acceptable, I think I'd certainly be able to find the time
to work on a contrib module that is mainly concerned with verifying
basebackups, but also offers some pg_filedump-like functionality.
That's something largely new.

-- 
Peter Geoghegan

On 2013-06-26 21:18:49 -0700, Peter Geoghegan wrote:
> On Wed, Jun 26, 2013 at 8:27 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> > TBH, I've always been annoyed that pg_filedump is GPL and so there's no
> > way for us to just ship it in contrib.  (That stems from Red Hat
> > corporate policy of a dozen years ago, but the conflict is real anyway.)
> > If somebody is sufficiently excited about this topic to do something
> > that's largely new anyway, I'd be in favor of starting from scratch so
> > it could be put under the usual Postgres license.
> 
> Heroku are interested in online verification of basebackups (i.e.
> using checksums to verify the integrity of heap files as they are
> backed up, with a view to relying less and less on logical backups). I
> am very glad that you made the page checksums stuff available to
> external utilities in commit f04216341dd1cc235e975f93ac806d9d3729a344.
> 
> In the last couple of days, I haven't been able to figure out a way to
> solve the problem of torn pages in a way that isn't a complete kludge
> (with a hopefully-acceptable risk of false positives), so I've been
> operating under the assumption that anything I produce here won't be
> up to the standards of contrib.

Why not do this from a function/background worker in the backend where
you can go via the buffer manager to avoid torn pages et al. If you use
a buffer strategy the cache poisoning et al should be controlleable.

Greetings,

Andres Freund

-- Andres Freund                       http://www.2ndQuadrant.com/PostgreSQL Development, 24x7 Support, Training &
Services

On Wed, Jun 26, 2013 at 11:27 PM, Andres Freund <andres@2ndquadrant.com> wrote:
> Why not do this from a function/background worker in the backend where
> you can go via the buffer manager to avoid torn pages et al. If you use
> a buffer strategy the cache poisoning et al should be controlleable.

I had considered that, but thought it might be a little bit
aggressive, even with a strategy of BAS_BULKREAD. Maybe the kludge I
have in mind might not end up being that bad in practice, and would
certainly perform better than an approach that used the buffer
manager. But then, going through shared_buffers could be worth the
overhead, if only for the peace of mind of not relying on something
that is subtly broken.


-- 
Peter Geoghegan

On 2013-06-26 23:42:55 -0700, Peter Geoghegan wrote:
> On Wed, Jun 26, 2013 at 11:27 PM, Andres Freund <andres@2ndquadrant.com> wrote:
> > Why not do this from a function/background worker in the backend where
> > you can go via the buffer manager to avoid torn pages et al. If you use
> > a buffer strategy the cache poisoning et al should be controlleable.
> 
> I had considered that, but thought it might be a little bit
> aggressive, even with a strategy of BAS_BULKREAD.

Well, you can influence the pacing yourself, you don't need to rely on
the strategy for that. I'd only use it because of the ringbuffer logic
it has to avoid trashing the cache.

> Maybe the kludge I
> have in mind might not end up being that bad in practice, and would
> certainly perform better than an approach that used the buffer
> manager.

What do you have in mind then?

> But then, going through shared_buffers could be worth the
> overhead, if only for the peace of mind of not relying on something
> that is subtly broken.

Spurious alarms quickly lead to people ignoring them, consciously or
not, so trying to take care not to go there sounds like a good idea.

Greetings,

Andres Freund

-- Andres Freund                       http://www.2ndQuadrant.com/PostgreSQL Development, 24x7 Support, Training &
Services

On Tue, Jun 18, 2013 at 9:42 AM, Jeff Davis <pgsql@j-davis.com> wrote:
> I'm not sure what the resolution of Alvaro's concern was, so I left the
> flag reporting the same as the previous patch.

Alvaro's concern was that the new flags added (those added by the
foreign key locks patch) do something cute with re-using multiple
other bits in an otherwise nonsensical combination to represent a
distinct state. So as written, the infoMask if statements will result
in spurious reporting of information stored in t_infomask. If you AND
some integer with HEAP_XMAX_SHR_LOCK and get something non-zero,
you'll surely also get a non-zero result with HEAP_LOCK_MASK, because
the latter flag has all the same bits set as the former (plus others,
obviously).


-- 
Peter Geoghegan

On Thu, Jun 27, 2013 at 12:07 AM, Peter Geoghegan <pg@heroku.com> wrote:
>> I'm not sure what the resolution of Alvaro's concern was, so I left the
>> flag reporting the same as the previous patch.
>
> Alvaro's concern was that the new flags added (those added by the
> foreign key locks patch) do something cute with re-using multiple
> other bits in an otherwise nonsensical combination to represent a
> distinct state.

I just realized that it wasn't that you didn't understand the nature
of the problem, but that you weren't sure of a resolution. Sorry for
the noise.

-- 
Peter Geoghegan

Andres Freund <andres@2ndquadrant.com> writes:
> On 2013-06-26 21:18:49 -0700, Peter Geoghegan wrote:
>> Heroku are interested in online verification of basebackups (i.e.
>> using checksums to verify the integrity of heap files as they are
>> backed up, with a view to relying less and less on logical backups).

> Why not do this from a function/background worker in the backend where
> you can go via the buffer manager to avoid torn pages et al. If you use
> a buffer strategy the cache poisoning et al should be controlleable.

That would require having a functioning postmaster environment, which
seems like it would make such a tool much less flexible.
        regards, tom lane

On 2013-06-27 09:51:07 -0400, Tom Lane wrote:
> Andres Freund <andres@2ndquadrant.com> writes:
> > On 2013-06-26 21:18:49 -0700, Peter Geoghegan wrote:
> >> Heroku are interested in online verification of basebackups (i.e.
> >> using checksums to verify the integrity of heap files as they are
> >> backed up, with a view to relying less and less on logical backups).
> 
> > Why not do this from a function/background worker in the backend where
> > you can go via the buffer manager to avoid torn pages et al. If you use
> > a buffer strategy the cache poisoning et al should be controlleable.
> 
> That would require having a functioning postmaster environment, which
> seems like it would make such a tool much less flexible.

I personally wouldn't trust online backups that aren't proven to be
replayable into a runnable state very much. I have seen too many cases
where that failed.

Maybe the trick is to add a recovery.conf option to make postgres replay
to the first restartpoint and then shutdown. At that point you can be
sure there aren't any torn pages anymore (bugs aside).
In fact that sounds like a rather useful pg_basebackup extension...

Greetings,

Andres Freund

-- Andres Freund                       http://www.2ndQuadrant.com/PostgreSQL Development, 24x7 Support, Training &
Services

On Thu, 2013-06-27 at 15:59 +0200, Andres Freund wrote:
> Maybe the trick is to add a recovery.conf option to make postgres replay
> to the first restartpoint and then shutdown. At that point you can be
> sure there aren't any torn pages anymore (bugs aside).
> In fact that sounds like a rather useful pg_basebackup extension...

+1
Jeff Davis

Hi,

I have reviewed this patch as a CF reviewer.

(2013/06/27 4:07), Jeff Davis wrote:
> On Mon, 2013-06-24 at 20:34 -0400, Josh Kupershmidt wrote:
>> This patch is in the current CommitFest, does it still need to be
>> reviewed? If so, I notice that the version in pgfoundry's CVS is
>> rather different than the version the patch seems to have been built
>> against (presumably the pg_filedump-9.2.0.tar.gz release), and
>> conflicts in several places with cvs tip.
>
> Rebased against CVS tip; attached.

It looks fine, but I have one question here.

When I run pg_filedump with -k against a database cluster which
does not support checksums, pg_filedump produced checksum error as
following. Is this expected or acceptable?

-----------------------------------------------------------------
*******************************************************************
* PostgreSQL File/Block Formatted Dump Utility - Version 9.3.0
*
* File: /tmp/pgsql/data/base/16384/16397
* Options used: -k
*
* Dump created on: Sat Jul  6 10:32:15 2013
*******************************************************************

Block    0 ********************************************************
<Header> -----
  Block Offset: 0x00000000         Offsets: Lower     268 (0x010c)
  Block: Size 8192  Version    4            Upper     384 (0x0180)
  LSN:  logid      0 recoff 0x00000000      Special  8192 (0x2000)
  Items:   61                      Free Space:  116
  Checksum: 0x0000  Prune XID: 0x00000000  Flags: 0x0000 ()
  Length (including item array): 268

  Error: checksum failure: calculated 0xf797.

<Data> ------
  Item   1 -- Length:  121  Offset: 8064 (0x1f80)  Flags: NORMAL
  Item   2 -- Length:  121  Offset: 7936 (0x1f00)  Flags: NORMAL
  Item   3 -- Length:  121  Offset: 7808 (0x1e80)  Flags: NORMAL
-----------------------------------------------------------------

Please check attached script to reproduce it.

Also, I have update the help message and README.
Please check attached patch.

Regards,
--
Satoshi Nagayasu <snaga@uptime.jp>
Uptime Technologies, LLC. http://www.uptime.jp

On Sat, 2013-07-06 at 10:30 +0900, Satoshi Nagayasu wrote:
> Hi,
> 
> It looks fine, but I have one question here.
> 
> When I run pg_filedump with -k against a database cluster which
> does not support checksums, pg_filedump produced checksum error as
> following. Is this expected or acceptable?

Thank you for taking a look. That is expected, because there is not a
good way to determine whether the file was created with checksums or
not. So, we rely on the user to supply (or not) the -k flag.

Regards,Jeff Davis

On Fri, 2013-07-05 at 22:43 -0700, Jeff Davis wrote:
> On Sat, 2013-07-06 at 10:30 +0900, Satoshi Nagayasu wrote:
> > Hi,
> > 
> > It looks fine, but I have one question here.
> > 
> > When I run pg_filedump with -k against a database cluster which
> > does not support checksums, pg_filedump produced checksum error as
> > following. Is this expected or acceptable?
> 
> Thank you for taking a look. That is expected, because there is not a
> good way to determine whether the file was created with checksums or
> not. So, we rely on the user to supply (or not) the -k flag.

I see this patch is still "waiting on author" in the CF. Is there
something else needed from me, or should we move this to "ready for
committer"?

Regards,Jeff Davis

On Mon, Jul 8, 2013 at 10:28 AM, Jeff Davis <pgsql@j-davis.com> wrote:
> I see this patch is still "waiting on author" in the CF. Is there
> something else needed from me, or should we move this to "ready for
> committer"?

Well, obviously someone still needs to think through the handling of
the infoMask bits.

Alvaro?

-- 
Peter Geoghegan

Peter Geoghegan escribió:
> On Mon, Jul 8, 2013 at 10:28 AM, Jeff Davis <pgsql@j-davis.com> wrote:
> > I see this patch is still "waiting on author" in the CF. Is there
> > something else needed from me, or should we move this to "ready for
> > committer"?
> 
> Well, obviously someone still needs to think through the handling of
> the infoMask bits.

Well, Tom opined in
http://www.postgresql.org/message-id/23249.1370878717@sss.pgh.pa.us that
the current patch is okay.  I have a mild opinion that it should instead
print only SHR_LOCK when both bits are set, and one of the others when
only one of them is set.  But I don't have a strong opinion about this,
and since Tom disagrees with me, feel free to exercise your own (Jeff's)
judgement.

Tom's the only available committer in this case anyway.  [Actually,
pgfoundry.org says it's a zero-people team in the pgfiledump project
right now, but I'm hoping that's just a temporary glitch.]

-- 
Álvaro Herrera                http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services

On Mon, Jul 8, 2013 at 11:52 AM, Alvaro Herrera
<alvherre@2ndquadrant.com> wrote:
> Well, Tom opined in
> http://www.postgresql.org/message-id/23249.1370878717@sss.pgh.pa.us that
> the current patch is okay.  I have a mild opinion that it should instead
> print only SHR_LOCK when both bits are set, and one of the others when
> only one of them is set.  But I don't have a strong opinion about this,
> and since Tom disagrees with me, feel free to exercise your own (Jeff's)
> judgement.

I'm inclined to agree with you here, but I suppose it isn't all that important.


-- 
Peter Geoghegan

Alvaro Herrera <alvherre@2ndquadrant.com> writes:
> Well, Tom opined in
> http://www.postgresql.org/message-id/23249.1370878717@sss.pgh.pa.us that
> the current patch is okay.  I have a mild opinion that it should instead
> print only SHR_LOCK when both bits are set, and one of the others when
> only one of them is set.  But I don't have a strong opinion about this,
> and since Tom disagrees with me, feel free to exercise your own (Jeff's)
> judgement.

FWIW, I think that's exactly what I did in the preliminary 9.3 patch
that I committed to pg_filedump a few weeks ago.  Could you take a look
at what's there now and see if that's what you meant?
        regards, tom lane

On 07/08/2013 04:59 PM, Tom Lane wrote:
> Alvaro Herrera <alvherre@2ndquadrant.com> writes:
>> Well, Tom opined in
>> http://www.postgresql.org/message-id/23249.1370878717@sss.pgh.pa.us that
>> the current patch is okay.  I have a mild opinion that it should instead
>> print only SHR_LOCK when both bits are set, and one of the others when
>> only one of them is set.  But I don't have a strong opinion about this,
>> and since Tom disagrees with me, feel free to exercise your own (Jeff's)
>> judgement.
> 
> FWIW, I think that's exactly what I did in the preliminary 9.3 patch
> that I committed to pg_filedump a few weeks ago.  Could you take a look
> at what's there now and see if that's what you meant?

So, is this getting committed today, or do we bounce it?

-- 
Josh Berkus
PostgreSQL Experts Inc.
http://pgexperts.com

Josh Berkus <josh@agliodbs.com> writes:
> On 07/08/2013 04:59 PM, Tom Lane wrote:
>> FWIW, I think that's exactly what I did in the preliminary 9.3 patch
>> that I committed to pg_filedump a few weeks ago.  Could you take a look
>> at what's there now and see if that's what you meant?

> So, is this getting committed today, or do we bounce it?

I was hoping for a comment from Alvaro, but wouldn't have gotten to
committing it today in any case.  IMO this patch doesn't really belong
in the commitfest queue, since pg_filedump isn't part of the community
distribution.
        regards, tom lane

Tom Lane escribió:
> Alvaro Herrera <alvherre@2ndquadrant.com> writes:
> > Well, Tom opined in
> > http://www.postgresql.org/message-id/23249.1370878717@sss.pgh.pa.us that
> > the current patch is okay.  I have a mild opinion that it should instead
> > print only SHR_LOCK when both bits are set, and one of the others when
> > only one of them is set.  But I don't have a strong opinion about this,
> > and since Tom disagrees with me, feel free to exercise your own (Jeff's)
> > judgement.
> 
> FWIW, I think that's exactly what I did in the preliminary 9.3 patch
> that I committed to pg_filedump a few weeks ago.  Could you take a look
> at what's there now and see if that's what you meant?

Here's sample output (-i) from the new code, i.e. this commit:
revision 1.7
date: 2013/06/06 18:33:17;  author: tgl;  state: Exp;  lines: +14 -10
Preliminary updates for Postgres 9.3.


<Data> ------ Item   1 -- Length:   28  Offset: 8160 (0x1fe0)  Flags: NORMAL XMIN: 692  XMAX: 693  CID|XVAC: 0 Block
Id:0  linp Index: 1   Attributes: 1   Size: 24 infomask: 0x0190 (XMAX_KEYSHR_LOCK|XMAX_LOCK_ONLY|XMIN_COMMITTED) 
 
Item   2 -- Length:   28  Offset: 8128 (0x1fc0)  Flags: NORMAL XMIN: 692  XMAX: 694  CID|XVAC: 0 Block Id: 0  linp
Index:2   Attributes: 1   Size: 24 infomask: 0x01d0 (XMAX_KEYSHR_LOCK|XMAX_EXCL_LOCK|XMAX_LOCK_ONLY|XMIN_COMMITTED) 
 
Item   3 -- Length:   28  Offset: 8096 (0x1fa0)  Flags: NORMAL XMIN: 692  XMAX: 695  CID|XVAC: 0 Block Id: 0  linp
Index:3   Attributes: 1   Size: 24 infomask: 0x01c0 (XMAX_EXCL_LOCK|XMAX_LOCK_ONLY|XMIN_COMMITTED) 
 
Item   4 -- Length:   28  Offset: 8064 (0x1f80)  Flags: NORMAL XMIN: 696  XMAX: 697  CID|XVAC: 0 Block Id: 0  linp
Index:4   Attributes: 1   Size: 24 infomask: 0x01c0 (XMAX_EXCL_LOCK|XMAX_LOCK_ONLY|XMIN_COMMITTED|KEYS_UPDATED) 
 

Item 1 has SELECT FOR KEY SHARE
Item 2 has SELECT FOR SHARE
Item 3 has SELECT FOR NO KEY UPDATE
Item 4 has SELECT FOR UPDATE

The one I was talking about is the second case, which prints
KEYSHR_LOCK|EXCL_LOCK to mean that there's a FOR SHARE lock.  I have no
problem reading it this way, but I fear that someone unfamiliar with
these bits might be confused.  On the other hand, trying to be nice and
interpret these bits (i.e. translate presence of both into something
like SHR_LOCK) might also be confusing, because that bit doesn't really
exist.  And one already needs to be careful while interpreting what do
KEYS_UPDATED and XMAX_LOCK_ONLY, or lack thereof, mean.

Perhaps it would be sensible to provide one more output line per tuple,
with interpretation of the flags, so it would tell you whether the tuple
has been locked or updated, and what kind of each it is.  I'd propose
something like
 status: locked (FOR {KEY SHARE,SHARE,NO KEY UPDATE,UPDATE}) [MultiXact: nnn] status: [HOT] updated (KEYS UPDATED/KEYS
NOTUPDATED) [MultiXact: nnn]  To: blk/off status: deleted [MultiXact: nnn]
 

-- 
Álvaro Herrera                http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services

Alvaro Herrera <alvherre@2ndquadrant.com> writes:
> The one I was talking about is the second case, which prints
> KEYSHR_LOCK|EXCL_LOCK to mean that there's a FOR SHARE lock.  I have no
> problem reading it this way, but I fear that someone unfamiliar with
> these bits might be confused.  On the other hand, trying to be nice and
> interpret these bits (i.e. translate presence of both into something
> like SHR_LOCK) might also be confusing, because that bit doesn't really
> exist.  And one already needs to be careful while interpreting what do
> KEYS_UPDATED and XMAX_LOCK_ONLY, or lack thereof, mean.

> Perhaps it would be sensible to provide one more output line per tuple,
> with interpretation of the flags, so it would tell you whether the tuple
> has been locked or updated, and what kind of each it is.  I'd propose
> something like

>   status: locked (FOR {KEY SHARE,SHARE,NO KEY UPDATE,UPDATE}) [MultiXact: nnn]
>   status: [HOT] updated (KEYS UPDATED/KEYS NOT UPDATED) [MultiXact: nnn]  To: blk/off
>   status: deleted [MultiXact: nnn]

Hm.  I'm loath to add another output line per tuple, just for space
reasons.

My feeling about this code is that the reason we print the infomask in
hex is so you can see exactly which bits are set if you care, and that
the rest of the line ought to be designed to interpret the bits in as
reader-friendly a way as possible.  So I don't buy the notion that we
should just print out a name for each bit that's set.  I'd rather
replace individual bit names with items like LOCKED_FOR_KEY_SHARE,
LOCKED_FOR_SHARE, etc in cases where you have to combine multiple
bits to understand the meaning.
        regards, tom lane

Tom Lane escribió:

> My feeling about this code is that the reason we print the infomask in
> hex is so you can see exactly which bits are set if you care, and that
> the rest of the line ought to be designed to interpret the bits in as
> reader-friendly a way as possible.  So I don't buy the notion that we
> should just print out a name for each bit that's set.  I'd rather
> replace individual bit names with items like LOCKED_FOR_KEY_SHARE,
> LOCKED_FOR_SHARE, etc in cases where you have to combine multiple
> bits to understand the meaning.

Okay, that's what I've been saying all along so I cannot but agree.  I
haven't reviewed Jeff's patch lately; Jeff, does Tom's suggestion need
some more new code, and if so are you open to doing this work, or shall
I?

-- 
Álvaro Herrera                http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services

On Wed, 2013-07-17 at 13:43 -0400, Alvaro Herrera wrote:
> Tom Lane escribió:
> 
> > My feeling about this code is that the reason we print the infomask in
> > hex is so you can see exactly which bits are set if you care, and that
> > the rest of the line ought to be designed to interpret the bits in as
> > reader-friendly a way as possible.  So I don't buy the notion that we
> > should just print out a name for each bit that's set.  I'd rather
> > replace individual bit names with items like LOCKED_FOR_KEY_SHARE,
> > LOCKED_FOR_SHARE, etc in cases where you have to combine multiple
> > bits to understand the meaning.
> 
> Okay, that's what I've been saying all along so I cannot but agree.  I
> haven't reviewed Jeff's patch lately; Jeff, does Tom's suggestion need
> some more new code, and if so are you open to doing this work, or shall
> I?

At first glance it seems like a pretty trivial change. I'm going on
vacation tomorrow and unfortunately I haven't had a chance to look at
this. Pgfoundry CVS is down, so I can't see whether it's already been
committed or not.

Regards,Jeff Davis