#include "postgres.h"
#include "access/detoast.h"
#include "access/genam.h"
#include "access/heapam.h"
#include "access/heaptoast.h"
#include "access/multixact.h"
#include "access/toast_internals.h"
#include "access/visibilitymap.h"
#include "catalog/pg_am.h"
#include "funcapi.h"
#include "miscadmin.h"
#include "storage/bufmgr.h"
#include "storage/procarray.h"
#include "utils/builtins.h"
#include "utils/fmgroids.h"

Include dependency graph for verify_heapam.c:

Data Structures
struct	HeapCheckContext

Macros
#define	HEAPCHECK_RELATION_COLS 4

Typedefs
typedef enum XidBoundsViolation	XidBoundsViolation

typedef enum XidCommitStatus	XidCommitStatus

typedef enum SkipPages	SkipPages

typedef struct HeapCheckContext	HeapCheckContext

Enumerations
enum	XidBoundsViolation { XID_INVALID, XID_IN_FUTURE, XID_PRECEDES_CLUSTERMIN, XID_PRECEDES_RELMIN, XID_BOUNDS_OK }

enum	XidCommitStatus { XID_COMMITTED, XID_IN_PROGRESS, XID_ABORTED }

enum	SkipPages { SKIP_PAGES_ALL_FROZEN, SKIP_PAGES_ALL_VISIBLE, SKIP_PAGES_NONE }

Functions
	PG_FUNCTION_INFO_V1 (verify_heapam)

static void	sanity_check_relation (Relation rel)

static void	check_tuple (HeapCheckContext *ctx)

static void	check_toast_tuple (HeapTuple toasttup, HeapCheckContext *ctx)

static bool	check_tuple_attribute (HeapCheckContext *ctx)

static bool	check_tuple_header_and_visibilty (HeapTupleHeader tuphdr, HeapCheckContext *ctx)

static void	report_corruption (HeapCheckContext ctx, char msg)

static TupleDesc	verify_heapam_tupdesc (void)

static FullTransactionId	FullTransactionIdFromXidAndCtx (TransactionId xid, const HeapCheckContext *ctx)

static void	update_cached_xid_range (HeapCheckContext *ctx)

static void	update_cached_mxid_range (HeapCheckContext *ctx)

static XidBoundsViolation	check_mxid_in_range (MultiXactId mxid, HeapCheckContext *ctx)

static XidBoundsViolation	check_mxid_valid_in_rel (MultiXactId mxid, HeapCheckContext *ctx)

static XidBoundsViolation	get_xid_status (TransactionId xid, HeapCheckContext ctx, XidCommitStatus status)

Datum	verify_heapam (PG_FUNCTION_ARGS)

static bool	fxid_in_cached_range (FullTransactionId fxid, const HeapCheckContext *ctx)

Macro Definition Documentation

◆ HEAPCHECK_RELATION_COLS

#define HEAPCHECK_RELATION_COLS 4

Definition at line 31 of file verify_heapam.c.

Referenced by report_corruption(), and verify_heapam_tupdesc().

Typedef Documentation

◆ HeapCheckContext

typedef struct HeapCheckContext HeapCheckContext

◆ SkipPages

typedef enum SkipPages SkipPages

◆ XidBoundsViolation

typedef enum XidBoundsViolation XidBoundsViolation

◆ XidCommitStatus

typedef enum XidCommitStatus XidCommitStatus

Enumeration Type Documentation

◆ SkipPages

enum SkipPages

Enumerator
SKIP_PAGES_ALL_FROZEN
SKIP_PAGES_ALL_VISIBLE
SKIP_PAGES_NONE

Definition at line 53 of file verify_heapam.c.

 {
     SKIP_PAGES_ALL_FROZEN,
     SKIP_PAGES_ALL_VISIBLE,
     SKIP_PAGES_NONE
 } SkipPages;

◆ XidBoundsViolation

enum XidBoundsViolation

Enumerator
XID_INVALID
XID_IN_FUTURE
XID_PRECEDES_CLUSTERMIN
XID_PRECEDES_RELMIN
XID_BOUNDS_OK

Definition at line 37 of file verify_heapam.c.

 {
     XID_INVALID,
     XID_IN_FUTURE,
     XID_PRECEDES_CLUSTERMIN,
     XID_PRECEDES_RELMIN,
     XID_BOUNDS_OK
 } XidBoundsViolation;

◆ XidCommitStatus

enum XidCommitStatus

Enumerator
XID_COMMITTED
XID_IN_PROGRESS
XID_ABORTED

Definition at line 46 of file verify_heapam.c.

 {
     XID_COMMITTED,
     XID_IN_PROGRESS,
     XID_ABORTED
 } XidCommitStatus;

Function Documentation

◆ check_mxid_in_range()

static XidBoundsViolation check_mxid_in_range	(	MultiXactId	mxid,
		HeapCheckContext *	ctx
	)

static

Definition at line 1342 of file verify_heapam.c.

References MultiXactIdPrecedes(), MultiXactIdPrecedesOrEquals(), HeapCheckContext::next_mxact, HeapCheckContext::oldest_mxact, HeapCheckContext::relminmxid, TransactionIdIsValid, XID_BOUNDS_OK, XID_IN_FUTURE, XID_INVALID, XID_PRECEDES_CLUSTERMIN, and XID_PRECEDES_RELMIN.

Referenced by check_mxid_valid_in_rel().

 {
     if (!TransactionIdIsValid(mxid))
         return XID_INVALID;
     if (MultiXactIdPrecedes(mxid, ctx->relminmxid))
         return XID_PRECEDES_RELMIN;
     if (MultiXactIdPrecedes(mxid, ctx->oldest_mxact))
         return XID_PRECEDES_CLUSTERMIN;
     if (MultiXactIdPrecedesOrEquals(ctx->next_mxact, mxid))
         return XID_IN_FUTURE;
     return XID_BOUNDS_OK;
 }

◆ check_mxid_valid_in_rel()

static XidBoundsViolation check_mxid_valid_in_rel	(	MultiXactId	mxid,
		HeapCheckContext *	ctx
	)

static

Definition at line 1364 of file verify_heapam.c.

References check_mxid_in_range(), update_cached_mxid_range(), and XID_BOUNDS_OK.

Referenced by check_tuple().

 {
     XidBoundsViolation result;
 
     result = check_mxid_in_range(mxid, ctx);
     if (result == XID_BOUNDS_OK)
         return XID_BOUNDS_OK;
 
     /* The range may have advanced.  Recheck. */
     update_cached_mxid_range(ctx);
     return check_mxid_in_range(mxid, ctx);
 }

◆ check_toast_tuple()

static void check_toast_tuple	(	HeapTuple	toasttup,
		HeapCheckContext *	ctx
	)

static

Definition at line 829 of file verify_heapam.c.

References HeapCheckContext::attrsize, HeapCheckContext::chunkno, DatumGetInt32, DatumGetPointer, HeapCheckContext::endchunk, fastgetattr, header(), psprintf(), pstrdup(), RelationData::rd_att, report_corruption(), TOAST_MAX_CHUNK_SIZE, HeapCheckContext::toast_rel, HeapCheckContext::totalchunks, VARATT_IS_EXTENDED, VARATT_IS_SHORT, VARHDRSZ, VARHDRSZ_SHORT, VARSIZE, and VARSIZE_SHORT.

Referenced by check_tuple_attribute().

 {
     int32       curchunk;
     Pointer     chunk;
     bool        isnull;
     int32       chunksize;
     int32       expected_size;
 
     /*
      * Have a chunk, extract the sequence number and the data
      */
     curchunk = DatumGetInt32(fastgetattr(toasttup, 2,
                                          ctx->toast_rel->rd_att, &isnull));
     if (isnull)
     {
         report_corruption(ctx,
                           pstrdup("toast chunk sequence number is null"));
         return;
     }
     chunk = DatumGetPointer(fastgetattr(toasttup, 3,
                                         ctx->toast_rel->rd_att, &isnull));
     if (isnull)
     {
         report_corruption(ctx,
                           pstrdup("toast chunk data is null"));
         return;
     }
     if (!VARATT_IS_EXTENDED(chunk))
         chunksize = VARSIZE(chunk) - VARHDRSZ;
     else if (VARATT_IS_SHORT(chunk))
     {
         /*
          * could happen due to heap_form_tuple doing its thing
          */
         chunksize = VARSIZE_SHORT(chunk) - VARHDRSZ_SHORT;
     }
     else
     {
         /* should never happen */
         uint32      header = ((varattrib_4b *) chunk)->va_4byte.va_header;
 
         report_corruption(ctx,
                           psprintf("corrupt extended toast chunk has invalid varlena header: %0x (sequence number %d)",
                                    header, curchunk));
         return;
     }
 
     /*
      * Some checks on the data we've found
      */
     if (curchunk != ctx->chunkno)
     {
         report_corruption(ctx,
                           psprintf("toast chunk sequence number %u does not match the expected sequence number %u",
                                    curchunk, ctx->chunkno));
         return;
     }
     if (curchunk > ctx->endchunk)
     {
         report_corruption(ctx,
                           psprintf("toast chunk sequence number %u exceeds the end chunk sequence number %u",
                                    curchunk, ctx->endchunk));
         return;
     }
 
     expected_size = curchunk < ctx->totalchunks - 1 ? TOAST_MAX_CHUNK_SIZE
         : ctx->attrsize - ((ctx->totalchunks - 1) * TOAST_MAX_CHUNK_SIZE);
     if (chunksize != expected_size)
     {
         report_corruption(ctx,
                           psprintf("toast chunk size %u differs from the expected size %u",
                                    chunksize, expected_size));
         return;
     }
 }

◆ check_tuple()

static void check_tuple ( HeapCheckContext * ctx )

static

Definition at line 1121 of file verify_heapam.c.

References HeapCheckContext::attnum, check_mxid_valid_in_rel(), check_tuple_attribute(), check_tuple_header_and_visibilty(), EpochFromFullTransactionId, fatal, get_xid_status(), HEAP_XMAX_IS_MULTI, HeapTupleHeaderGetRawXmax, HeapTupleHeaderGetXmin, HeapCheckContext::natts, HeapCheckContext::next_fxid, HeapCheckContext::next_mxact, HeapCheckContext::offset, HeapCheckContext::oldest_fxid, HeapCheckContext::oldest_mxact, psprintf(), pstrdup(), HeapCheckContext::rel, RelationGetDescr, HeapCheckContext::relfrozenfxid, HeapCheckContext::relminmxid, report_corruption(), HeapTupleHeaderData::t_infomask, HeapCheckContext::tuphdr, XID_BOUNDS_OK, XID_IN_FUTURE, XID_INVALID, XID_PRECEDES_CLUSTERMIN, XID_PRECEDES_RELMIN, and XidFromFullTransactionId.

Referenced by verify_heapam().

 {
     TransactionId xmin;
     TransactionId xmax;
     bool        fatal = false;
     uint16      infomask = ctx->tuphdr->t_infomask;
 
     /* If xmin is normal, it should be within valid range */
     xmin = HeapTupleHeaderGetXmin(ctx->tuphdr);
     switch (get_xid_status(xmin, ctx, NULL))
     {
         case XID_INVALID:
         case XID_BOUNDS_OK:
             break;
         case XID_IN_FUTURE:
             report_corruption(ctx,
                               psprintf("xmin %u equals or exceeds next valid transaction ID %u:%u",
                                        xmin,
                                        EpochFromFullTransactionId(ctx->next_fxid),
                                        XidFromFullTransactionId(ctx->next_fxid)));
             fatal = true;
             break;
         case XID_PRECEDES_CLUSTERMIN:
             report_corruption(ctx,
                               psprintf("xmin %u precedes oldest valid transaction ID %u:%u",
                                        xmin,
                                        EpochFromFullTransactionId(ctx->oldest_fxid),
                                        XidFromFullTransactionId(ctx->oldest_fxid)));
             fatal = true;
             break;
         case XID_PRECEDES_RELMIN:
             report_corruption(ctx,
                               psprintf("xmin %u precedes relation freeze threshold %u:%u",
                                        xmin,
                                        EpochFromFullTransactionId(ctx->relfrozenfxid),
                                        XidFromFullTransactionId(ctx->relfrozenfxid)));
             fatal = true;
             break;
     }
 
     xmax = HeapTupleHeaderGetRawXmax(ctx->tuphdr);
 
     if (infomask & HEAP_XMAX_IS_MULTI)
     {
         /* xmax is a multixact, so it should be within valid MXID range */
         switch (check_mxid_valid_in_rel(xmax, ctx))
         {
             case XID_INVALID:
                 report_corruption(ctx,
                                   pstrdup("multitransaction ID is invalid"));
                 fatal = true;
                 break;
             case XID_PRECEDES_RELMIN:
                 report_corruption(ctx,
                                   psprintf("multitransaction ID %u precedes relation minimum multitransaction ID threshold %u",
                                            xmax, ctx->relminmxid));
                 fatal = true;
                 break;
             case XID_PRECEDES_CLUSTERMIN:
                 report_corruption(ctx,
                                   psprintf("multitransaction ID %u precedes oldest valid multitransaction ID threshold %u",
                                            xmax, ctx->oldest_mxact));
                 fatal = true;
                 break;
             case XID_IN_FUTURE:
                 report_corruption(ctx,
                                   psprintf("multitransaction ID %u equals or exceeds next valid multitransaction ID %u",
                                            xmax,
                                            ctx->next_mxact));
                 fatal = true;
                 break;
             case XID_BOUNDS_OK:
                 break;
         }
     }
     else
     {
         /*
          * xmax is not a multixact and is normal, so it should be within the
          * valid XID range.
          */
         switch (get_xid_status(xmax, ctx, NULL))
         {
             case XID_INVALID:
             case XID_BOUNDS_OK:
                 break;
             case XID_IN_FUTURE:
                 report_corruption(ctx,
                                   psprintf("xmax %u equals or exceeds next valid transaction ID %u:%u",
                                            xmax,
                                            EpochFromFullTransactionId(ctx->next_fxid),
                                            XidFromFullTransactionId(ctx->next_fxid)));
                 fatal = true;
                 break;
             case XID_PRECEDES_CLUSTERMIN:
                 report_corruption(ctx,
                                   psprintf("xmax %u precedes oldest valid transaction ID %u:%u",
                                            xmax,
                                            EpochFromFullTransactionId(ctx->oldest_fxid),
                                            XidFromFullTransactionId(ctx->oldest_fxid)));
                 fatal = true;
                 break;
             case XID_PRECEDES_RELMIN:
                 report_corruption(ctx,
                                   psprintf("xmax %u precedes relation freeze threshold %u:%u",
                                            xmax,
                                            EpochFromFullTransactionId(ctx->relfrozenfxid),
                                            XidFromFullTransactionId(ctx->relfrozenfxid)));
                 fatal = true;
         }
     }
 
     /*
      * Cannot process tuple data if tuple header was corrupt, as the offsets
      * within the page cannot be trusted, leaving too much risk of reading
      * garbage if we continue.
      *
      * We also cannot process the tuple if the xmin or xmax were invalid
      * relative to relfrozenxid or relminmxid, as clog entries for the xids
      * may already be gone.
      */
     if (fatal)
         return;
 
     /*
      * Check various forms of tuple header corruption.  If the header is too
      * corrupt to continue checking, or if the tuple is not visible to anyone,
      * we cannot continue with other checks.
      */
     if (!check_tuple_header_and_visibilty(ctx->tuphdr, ctx))
         return;
 
     /*
      * The tuple is visible, so it must be compatible with the current version
      * of the relation descriptor. It might have fewer columns than are
      * present in the relation descriptor, but it cannot have more.
      */
     if (RelationGetDescr(ctx->rel)->natts < ctx->natts)
     {
         report_corruption(ctx,
                           psprintf("number of attributes %u exceeds maximum expected for table %u",
                                    ctx->natts,
                                    RelationGetDescr(ctx->rel)->natts));
         return;
     }
 
     /*
      * Check each attribute unless we hit corruption that confuses what to do
      * next, at which point we abort further attribute checks for this tuple.
      * Note that we don't abort for all types of corruption, only for those
      * types where we don't know how to continue.
      */
     ctx->offset = 0;
     for (ctx->attnum = 0; ctx->attnum < ctx->natts; ctx->attnum++)
         if (!check_tuple_attribute(ctx))
             break;              /* cannot continue */
 
     /* revert attnum to -1 until we again examine individual attributes */
     ctx->attnum = -1;
 }

◆ check_tuple_attribute()

static bool check_tuple_attribute ( HeapCheckContext * ctx )

static

Definition at line 926 of file verify_heapam.c.

References att_addlength_pointer, att_align_nominal, att_align_pointer, att_isnull, HeapCheckContext::attnum, HeapCheckContext::attrsize, BTEqualStrategyNumber, check_toast_tuple(), HeapCheckContext::chunkno, DatumGetPointer, HeapCheckContext::endchunk, fetchatt, ForwardScanDirection, HEAP_HASEXTERNAL, HEAP_HASNULL, init_toast_snapshot(), HeapCheckContext::lp_len, ObjectIdGetDatum, HeapCheckContext::offset, psprintf(), RelationData::rd_rel, HeapCheckContext::rel, RelationGetDescr, report_corruption(), ScanKeyInit(), systable_beginscan_ordered(), systable_endscan_ordered(), systable_getnext_ordered(), HeapTupleHeaderData::t_bits, HeapTupleHeaderData::t_hoff, HeapTupleHeaderData::t_infomask, TOAST_MAX_CHUNK_SIZE, HeapCheckContext::toast_rel, HeapCheckContext::totalchunks, HeapCheckContext::tuphdr, TupleDescAttr, varatt_external::va_extsize, varatt_external::va_valueid, HeapCheckContext::valid_toast_index, VARATT_EXTERNAL_GET_POINTER, VARATT_IS_EXTERNAL, VARTAG_EXTERNAL, and VARTAG_ONDISK.

Referenced by check_tuple().

 {
     struct varatt_external toast_pointer;
     ScanKeyData toastkey;
     SysScanDesc toastscan;
     SnapshotData SnapshotToast;
     HeapTuple   toasttup;
     bool        found_toasttup;
     Datum       attdatum;
     struct varlena *attr;
     char       *tp;             /* pointer to the tuple data */
     uint16      infomask;
     Form_pg_attribute thisatt;
 
     infomask = ctx->tuphdr->t_infomask;
     thisatt = TupleDescAttr(RelationGetDescr(ctx->rel), ctx->attnum);
 
     tp = (char *) ctx->tuphdr + ctx->tuphdr->t_hoff;
 
     if (ctx->tuphdr->t_hoff + ctx->offset > ctx->lp_len)
     {
         report_corruption(ctx,
                           psprintf("attribute %u with length %u starts at offset %u beyond total tuple length %u",
                                    ctx->attnum,
                                    thisatt->attlen,
                                    ctx->tuphdr->t_hoff + ctx->offset,
                                    ctx->lp_len));
         return false;
     }
 
     /* Skip null values */
     if (infomask & HEAP_HASNULL && att_isnull(ctx->attnum, ctx->tuphdr->t_bits))
         return true;
 
     /* Skip non-varlena values, but update offset first */
     if (thisatt->attlen != -1)
     {
         ctx->offset = att_align_nominal(ctx->offset, thisatt->attalign);
         ctx->offset = att_addlength_pointer(ctx->offset, thisatt->attlen,
                                             tp + ctx->offset);
         if (ctx->tuphdr->t_hoff + ctx->offset > ctx->lp_len)
         {
             report_corruption(ctx,
                               psprintf("attribute %u with length %u ends at offset %u beyond total tuple length %u",
                                        ctx->attnum,
                                        thisatt->attlen,
                                        ctx->tuphdr->t_hoff + ctx->offset,
                                        ctx->lp_len));
             return false;
         }
         return true;
     }
 
     /* Ok, we're looking at a varlena attribute. */
     ctx->offset = att_align_pointer(ctx->offset, thisatt->attalign, -1,
                                     tp + ctx->offset);
 
     /* Get the (possibly corrupt) varlena datum */
     attdatum = fetchatt(thisatt, tp + ctx->offset);
 
     /*
      * We have the datum, but we cannot decode it carelessly, as it may still
      * be corrupt.
      */
 
     /*
      * Check that VARTAG_SIZE won't hit a TrapMacro on a corrupt va_tag before
      * risking a call into att_addlength_pointer
      */
     if (VARATT_IS_EXTERNAL(tp + ctx->offset))
     {
         uint8       va_tag = VARTAG_EXTERNAL(tp + ctx->offset);
 
         if (va_tag != VARTAG_ONDISK)
         {
             report_corruption(ctx,
                               psprintf("toasted attribute %u has unexpected TOAST tag %u",
                                        ctx->attnum,
                                        va_tag));
             /* We can't know where the next attribute begins */
             return false;
         }
     }
 
     /* Ok, should be safe now */
     ctx->offset = att_addlength_pointer(ctx->offset, thisatt->attlen,
                                         tp + ctx->offset);
 
     if (ctx->tuphdr->t_hoff + ctx->offset > ctx->lp_len)
     {
         report_corruption(ctx,
                           psprintf("attribute %u with length %u ends at offset %u beyond total tuple length %u",
                                    ctx->attnum,
                                    thisatt->attlen,
                                    ctx->tuphdr->t_hoff + ctx->offset,
                                    ctx->lp_len));
 
         return false;
     }
 
     /*
      * heap_deform_tuple would be done with this attribute at this point,
      * having stored it in values[], and would continue to the next attribute.
      * We go further, because we need to check if the toast datum is corrupt.
      */
 
     attr = (struct varlena *) DatumGetPointer(attdatum);
 
     /*
      * Now we follow the logic of detoast_external_attr(), with the same
      * caveats about being paranoid about corruption.
      */
 
     /* Skip values that are not external */
     if (!VARATT_IS_EXTERNAL(attr))
         return true;
 
     /* It is external, and we're looking at a page on disk */
 
     /* The tuple header better claim to contain toasted values */
     if (!(infomask & HEAP_HASEXTERNAL))
     {
         report_corruption(ctx,
                           psprintf("attribute %u is external but tuple header flag HEAP_HASEXTERNAL not set",
                                    ctx->attnum));
         return true;
     }
 
     /* The relation better have a toast table */
     if (!ctx->rel->rd_rel->reltoastrelid)
     {
         report_corruption(ctx,
                           psprintf("attribute %u is external but relation has no toast relation",
                                    ctx->attnum));
         return true;
     }
 
     /* If we were told to skip toast checking, then we're done. */
     if (ctx->toast_rel == NULL)
         return true;
 
     /*
      * Must copy attr into toast_pointer for alignment considerations
      */
     VARATT_EXTERNAL_GET_POINTER(toast_pointer, attr);
 
     ctx->attrsize = toast_pointer.va_extsize;
     ctx->endchunk = (ctx->attrsize - 1) / TOAST_MAX_CHUNK_SIZE;
     ctx->totalchunks = ctx->endchunk + 1;
 
     /*
      * Setup a scan key to find chunks in toast table with matching va_valueid
      */
     ScanKeyInit(&toastkey,
                 (AttrNumber) 1,
                 BTEqualStrategyNumber, F_OIDEQ,
                 ObjectIdGetDatum(toast_pointer.va_valueid));
 
     /*
      * Check if any chunks for this toasted object exist in the toast table,
      * accessible via the index.
      */
     init_toast_snapshot(&SnapshotToast);
     toastscan = systable_beginscan_ordered(ctx->toast_rel,
                                            ctx->valid_toast_index,
                                            &SnapshotToast, 1,
                                            &toastkey);
     ctx->chunkno = 0;
     found_toasttup = false;
     while ((toasttup =
             systable_getnext_ordered(toastscan,
                                      ForwardScanDirection)) != NULL)
     {
         found_toasttup = true;
         check_toast_tuple(toasttup, ctx);
         ctx->chunkno++;
     }
     if (ctx->chunkno != (ctx->endchunk + 1))
         report_corruption(ctx,
                           psprintf("final toast chunk number %u differs from expected value %u",
                                    ctx->chunkno, (ctx->endchunk + 1)));
     if (!found_toasttup)
         report_corruption(ctx,
                           psprintf("toasted value for attribute %u missing from toast table",
                                    ctx->attnum));
     systable_endscan_ordered(toastscan);
 
     return true;
 }

◆ check_tuple_header_and_visibilty()

static bool check_tuple_header_and_visibilty	(	HeapTupleHeader	tuphdr,
		HeapCheckContext *	ctx
	)

static

Definition at line 598 of file verify_heapam.c.

References BITMAPLEN, EpochFromFullTransactionId, get_xid_status(), HEAP_HASNULL, HEAP_MOVED_IN, HEAP_MOVED_OFF, HEAP_XMAX_COMMITTED, HEAP_XMAX_INVALID, HEAP_XMAX_IS_LOCKED_ONLY, HEAP_XMAX_IS_MULTI, HeapTupleGetUpdateXid(), HeapTupleHeaderGetRawXmin, HeapTupleHeaderGetXvac, HeapTupleHeaderXminCommitted, HeapTupleHeaderXminInvalid, HeapCheckContext::lp_len, MAXALIGN, HeapCheckContext::natts, HeapCheckContext::next_fxid, HeapCheckContext::oldest_fxid, psprintf(), pstrdup(), HeapCheckContext::relfrozenfxid, report_corruption(), SizeofHeapTupleHeader, status(), HeapTupleHeaderData::t_hoff, HeapTupleHeaderData::t_infomask, HeapCheckContext::tuphdr, XID_ABORTED, XID_BOUNDS_OK, XID_COMMITTED, XID_IN_FUTURE, XID_IN_PROGRESS, XID_INVALID, XID_PRECEDES_CLUSTERMIN, XID_PRECEDES_RELMIN, and XidFromFullTransactionId.

Referenced by check_tuple().

 {
     uint16      infomask = tuphdr->t_infomask;
     bool        header_garbled = false;
     unsigned    expected_hoff;
 
     if (ctx->tuphdr->t_hoff > ctx->lp_len)
     {
         report_corruption(ctx,
                           psprintf("data begins at offset %u beyond the tuple length %u",
                                    ctx->tuphdr->t_hoff, ctx->lp_len));
         header_garbled = true;
     }
 
     if ((ctx->tuphdr->t_infomask & HEAP_XMAX_COMMITTED) &&
         (ctx->tuphdr->t_infomask & HEAP_XMAX_IS_MULTI))
     {
         report_corruption(ctx,
                           pstrdup("multixact should not be marked committed"));
 
         /*
          * This condition is clearly wrong, but we do not consider the header
          * garbled, because we don't rely on this property for determining if
          * the tuple is visible or for interpreting other relevant header
          * fields.
          */
     }
 
     if (infomask & HEAP_HASNULL)
         expected_hoff = MAXALIGN(SizeofHeapTupleHeader + BITMAPLEN(ctx->natts));
     else
         expected_hoff = MAXALIGN(SizeofHeapTupleHeader);
     if (ctx->tuphdr->t_hoff != expected_hoff)
     {
         if ((infomask & HEAP_HASNULL) && ctx->natts == 1)
             report_corruption(ctx,
                               psprintf("tuple data should begin at byte %u, but actually begins at byte %u (1 attribute, has nulls)",
                                        expected_hoff, ctx->tuphdr->t_hoff));
         else if ((infomask & HEAP_HASNULL))
             report_corruption(ctx,
                               psprintf("tuple data should begin at byte %u, but actually begins at byte %u (%u attributes, has nulls)",
                                        expected_hoff, ctx->tuphdr->t_hoff, ctx->natts));
         else if (ctx->natts == 1)
             report_corruption(ctx,
                               psprintf("tuple data should begin at byte %u, but actually begins at byte %u (1 attribute, no nulls)",
                                        expected_hoff, ctx->tuphdr->t_hoff));
         else
             report_corruption(ctx,
                               psprintf("tuple data should begin at byte %u, but actually begins at byte %u (%u attributes, no nulls)",
                                        expected_hoff, ctx->tuphdr->t_hoff, ctx->natts));
         header_garbled = true;
     }
 
     if (header_garbled)
         return false;           /* checking of this tuple should not continue */
 
     /*
      * Ok, we can examine the header for tuple visibility purposes, though we
      * still need to be careful about a few remaining types of header
      * corruption.  This logic roughly follows that of
      * HeapTupleSatisfiesVacuum.  Where possible the comments indicate which
      * HTSV_Result we think that function might return for this tuple.
      */
     if (!HeapTupleHeaderXminCommitted(tuphdr))
     {
         TransactionId raw_xmin = HeapTupleHeaderGetRawXmin(tuphdr);
 
         if (HeapTupleHeaderXminInvalid(tuphdr))
             return false;       /* HEAPTUPLE_DEAD */
         /* Used by pre-9.0 binary upgrades */
         else if (infomask & HEAP_MOVED_OFF ||
                  infomask & HEAP_MOVED_IN)
         {
             XidCommitStatus status;
             TransactionId xvac = HeapTupleHeaderGetXvac(tuphdr);
 
             switch (get_xid_status(xvac, ctx, &status))
             {
                 case XID_INVALID:
                     report_corruption(ctx,
                                       pstrdup("old-style VACUUM FULL transaction ID is invalid"));
                     return false;   /* corrupt */
                 case XID_IN_FUTURE:
                     report_corruption(ctx,
                                       psprintf("old-style VACUUM FULL transaction ID %u equals or exceeds next valid transaction ID %u:%u",
                                                xvac,
                                                EpochFromFullTransactionId(ctx->next_fxid),
                                                XidFromFullTransactionId(ctx->next_fxid)));
                     return false;   /* corrupt */
                 case XID_PRECEDES_RELMIN:
                     report_corruption(ctx,
                                       psprintf("old-style VACUUM FULL transaction ID %u precedes relation freeze threshold %u:%u",
                                                xvac,
                                                EpochFromFullTransactionId(ctx->relfrozenfxid),
                                                XidFromFullTransactionId(ctx->relfrozenfxid)));
                     return false;   /* corrupt */
                     break;
                 case XID_PRECEDES_CLUSTERMIN:
                     report_corruption(ctx,
                                       psprintf("old-style VACUUM FULL transaction ID %u precedes oldest valid transaction ID %u:%u",
                                                xvac,
                                                EpochFromFullTransactionId(ctx->oldest_fxid),
                                                XidFromFullTransactionId(ctx->oldest_fxid)));
                     return false;   /* corrupt */
                     break;
                 case XID_BOUNDS_OK:
                     switch (status)
                     {
                         case XID_IN_PROGRESS:
                             return true;    /* HEAPTUPLE_DELETE_IN_PROGRESS */
                         case XID_COMMITTED:
                         case XID_ABORTED:
                             return false;   /* HEAPTUPLE_DEAD */
                     }
             }
         }
         else
         {
             XidCommitStatus status;
 
             switch (get_xid_status(raw_xmin, ctx, &status))
             {
                 case XID_INVALID:
                     report_corruption(ctx,
                                       pstrdup("raw xmin is invalid"));
                     return false;
                 case XID_IN_FUTURE:
                     report_corruption(ctx,
                                       psprintf("raw xmin %u equals or exceeds next valid transaction ID %u:%u",
                                                raw_xmin,
                                                EpochFromFullTransactionId(ctx->next_fxid),
                                                XidFromFullTransactionId(ctx->next_fxid)));
                     return false;   /* corrupt */
                 case XID_PRECEDES_RELMIN:
                     report_corruption(ctx,
                                       psprintf("raw xmin %u precedes relation freeze threshold %u:%u",
                                                raw_xmin,
                                                EpochFromFullTransactionId(ctx->relfrozenfxid),
                                                XidFromFullTransactionId(ctx->relfrozenfxid)));
                     return false;   /* corrupt */
                 case XID_PRECEDES_CLUSTERMIN:
                     report_corruption(ctx,
                                       psprintf("raw xmin %u precedes oldest valid transaction ID %u:%u",
                                                raw_xmin,
                                                EpochFromFullTransactionId(ctx->oldest_fxid),
                                                XidFromFullTransactionId(ctx->oldest_fxid)));
                     return false;   /* corrupt */
                 case XID_BOUNDS_OK:
                     switch (status)
                     {
                         case XID_COMMITTED:
                             break;
                         case XID_IN_PROGRESS:
                             return true;    /* insert or delete in progress */
                         case XID_ABORTED:
                             return false;   /* HEAPTUPLE_DEAD */
                     }
             }
         }
     }
 
     if (!(infomask & HEAP_XMAX_INVALID) && !HEAP_XMAX_IS_LOCKED_ONLY(infomask))
     {
         if (infomask & HEAP_XMAX_IS_MULTI)
         {
             XidCommitStatus status;
             TransactionId xmax = HeapTupleGetUpdateXid(tuphdr);
 
             switch (get_xid_status(xmax, ctx, &status))
             {
                     /* not LOCKED_ONLY, so it has to have an xmax */
                 case XID_INVALID:
                     report_corruption(ctx,
                                       pstrdup("xmax is invalid"));
                     return false;   /* corrupt */
                 case XID_IN_FUTURE:
                     report_corruption(ctx,
                                       psprintf("xmax %u equals or exceeds next valid transaction ID %u:%u",
                                                xmax,
                                                EpochFromFullTransactionId(ctx->next_fxid),
                                                XidFromFullTransactionId(ctx->next_fxid)));
                     return false;   /* corrupt */
                 case XID_PRECEDES_RELMIN:
                     report_corruption(ctx,
                                       psprintf("xmax %u precedes relation freeze threshold %u:%u",
                                                xmax,
                                                EpochFromFullTransactionId(ctx->relfrozenfxid),
                                                XidFromFullTransactionId(ctx->relfrozenfxid)));
                     return false;   /* corrupt */
                 case XID_PRECEDES_CLUSTERMIN:
                     report_corruption(ctx,
                                       psprintf("xmax %u precedes oldest valid transaction ID %u:%u",
                                                xmax,
                                                EpochFromFullTransactionId(ctx->oldest_fxid),
                                                XidFromFullTransactionId(ctx->oldest_fxid)));
                     return false;   /* corrupt */
                 case XID_BOUNDS_OK:
                     switch (status)
                     {
                         case XID_IN_PROGRESS:
                             return true;    /* HEAPTUPLE_DELETE_IN_PROGRESS */
                         case XID_COMMITTED:
                         case XID_ABORTED:
                             return false;   /* HEAPTUPLE_RECENTLY_DEAD or
                                              * HEAPTUPLE_DEAD */
                     }
             }
 
             /* Ok, the tuple is live */
         }
         else if (!(infomask & HEAP_XMAX_COMMITTED))
             return true;        /* HEAPTUPLE_DELETE_IN_PROGRESS or
                                  * HEAPTUPLE_LIVE */
         else
             return false;       /* HEAPTUPLE_RECENTLY_DEAD or HEAPTUPLE_DEAD */
     }
     return true;                /* not dead */
 }

◆ FullTransactionIdFromXidAndCtx()

static FullTransactionId FullTransactionIdFromXidAndCtx	(	TransactionId	xid,
		const HeapCheckContext *	ctx
	)

static

Definition at line 1288 of file verify_heapam.c.

References epoch, EpochFromFullTransactionId, FullTransactionIdFromEpochAndXid(), HeapCheckContext::next_fxid, HeapCheckContext::next_xid, and TransactionIdIsNormal.

Referenced by get_xid_status(), update_cached_xid_range(), and verify_heapam().

 {
     uint32      epoch;
 
     if (!TransactionIdIsNormal(xid))
         return FullTransactionIdFromEpochAndXid(0, xid);
     epoch = EpochFromFullTransactionId(ctx->next_fxid);
     if (xid > ctx->next_xid)
         epoch--;
     return FullTransactionIdFromEpochAndXid(epoch, xid);
 }

◆ fxid_in_cached_range()

static bool fxid_in_cached_range	(	FullTransactionId	fxid,
		const HeapCheckContext *	ctx
	)

inlinestatic

Definition at line 1331 of file verify_heapam.c.

References FullTransactionIdPrecedes, FullTransactionIdPrecedesOrEquals, HeapCheckContext::next_fxid, and HeapCheckContext::oldest_fxid.

Referenced by get_xid_status().

 {
     return (FullTransactionIdPrecedesOrEquals(ctx->oldest_fxid, fxid) &&
             FullTransactionIdPrecedes(fxid, ctx->next_fxid));
 }

◆ get_xid_status()

static XidBoundsViolation get_xid_status	(	TransactionId	xid,
		HeapCheckContext *	ctx,
		XidCommitStatus *	status
	)

static

Definition at line 1396 of file verify_heapam.c.

References BootstrapTransactionId, HeapCheckContext::cached_status, HeapCheckContext::cached_xid, FrozenTransactionId, FullTransactionIdFromXidAndCtx(), FullTransactionIdPrecedes, FullTransactionIdPrecedesOrEquals, fxid_in_cached_range(), LW_SHARED, LWLockAcquire(), LWLockRelease(), HeapCheckContext::next_fxid, HeapCheckContext::oldest_fxid, VariableCacheData::oldestClogXid, HeapCheckContext::relfrozenfxid, ShmemVariableCache, status(), TransactionIdDidAbort(), TransactionIdDidCommit(), TransactionIdIsCurrentTransactionId(), TransactionIdIsValid, update_cached_xid_range(), XID_ABORTED, XID_BOUNDS_OK, XID_COMMITTED, XID_IN_FUTURE, XID_IN_PROGRESS, XID_INVALID, XID_PRECEDES_CLUSTERMIN, and XID_PRECEDES_RELMIN.

Referenced by check_tuple(), and check_tuple_header_and_visibilty().

 {
     FullTransactionId fxid;
     FullTransactionId clog_horizon;
 
     /* Quick check for special xids */
     if (!TransactionIdIsValid(xid))
         return XID_INVALID;
     else if (xid == BootstrapTransactionId || xid == FrozenTransactionId)
     {
         if (status != NULL)
             *status = XID_COMMITTED;
         return XID_BOUNDS_OK;
     }
 
     /* Check if the xid is within bounds */
     fxid = FullTransactionIdFromXidAndCtx(xid, ctx);
     if (!fxid_in_cached_range(fxid, ctx))
     {
         /*
          * We may have been checking against stale values.  Update the cached
          * range to be sure, and since we relied on the cached range when we
          * performed the full xid conversion, reconvert.
          */
         update_cached_xid_range(ctx);
         fxid = FullTransactionIdFromXidAndCtx(xid, ctx);
     }
 
     if (FullTransactionIdPrecedesOrEquals(ctx->next_fxid, fxid))
         return XID_IN_FUTURE;
     if (FullTransactionIdPrecedes(fxid, ctx->oldest_fxid))
         return XID_PRECEDES_CLUSTERMIN;
     if (FullTransactionIdPrecedes(fxid, ctx->relfrozenfxid))
         return XID_PRECEDES_RELMIN;
 
     /* Early return if the caller does not request clog checking */
     if (status == NULL)
         return XID_BOUNDS_OK;
 
     /* Early return if we just checked this xid in a prior call */
     if (xid == ctx->cached_xid)
     {
         *status = ctx->cached_status;
         return XID_BOUNDS_OK;
     }
 
     *status = XID_COMMITTED;
     LWLockAcquire(XactTruncationLock, LW_SHARED);
     clog_horizon =
         FullTransactionIdFromXidAndCtx(ShmemVariableCache->oldestClogXid,
                                        ctx);
     if (FullTransactionIdPrecedesOrEquals(clog_horizon, fxid))
     {
         if (TransactionIdIsCurrentTransactionId(xid))
             *status = XID_IN_PROGRESS;
         else if (TransactionIdDidCommit(xid))
             *status = XID_COMMITTED;
         else if (TransactionIdDidAbort(xid))
             *status = XID_ABORTED;
         else
             *status = XID_IN_PROGRESS;
     }
     LWLockRelease(XactTruncationLock);
     ctx->cached_xid = xid;
     ctx->cached_status = *status;
     return XID_BOUNDS_OK;
 }

◆ PG_FUNCTION_INFO_V1()

PG_FUNCTION_INFO_V1 ( verify_heapam )

◆ report_corruption()

static void report_corruption	(	HeapCheckContext *	ctx,
		char *	msg
	)

static

Definition at line 508 of file verify_heapam.c.

References HeapCheckContext::attnum, HeapCheckContext::blkno, CStringGetTextDatum, heap_form_tuple(), HEAPCHECK_RELATION_COLS, Int32GetDatum, Int64GetDatum(), HeapCheckContext::is_corrupt, MemSet, HeapCheckContext::offnum, pfree(), HeapCheckContext::tupdesc, tuplestore_puttuple(), HeapCheckContext::tupstore, and values.

Referenced by check_toast_tuple(), check_tuple(), check_tuple_attribute(), check_tuple_header_and_visibilty(), and verify_heapam().

 {
     Datum       values[HEAPCHECK_RELATION_COLS];
     bool        nulls[HEAPCHECK_RELATION_COLS];
     HeapTuple   tuple;
 
     MemSet(values, 0, sizeof(values));
     MemSet(nulls, 0, sizeof(nulls));
     values[0] = Int64GetDatum(ctx->blkno);
     values[1] = Int32GetDatum(ctx->offnum);
     values[2] = Int32GetDatum(ctx->attnum);
     nulls[2] = (ctx->attnum < 0);
     values[3] = CStringGetTextDatum(msg);
 
     /*
      * In principle, there is nothing to prevent a scan over a large, highly
      * corrupted table from using work_mem worth of memory building up the
      * tuplestore.  That's ok, but if we also leak the msg argument memory
      * until the end of the query, we could exceed work_mem by more than a
      * trivial amount.  Therefore, free the msg argument each time we are
      * called rather than waiting for our current memory context to be freed.
      */
     pfree(msg);
 
     tuple = heap_form_tuple(ctx->tupdesc, values, nulls);
     tuplestore_puttuple(ctx->tupstore, tuple);
     ctx->is_corrupt = true;
 }

◆ sanity_check_relation()

static void sanity_check_relation ( Relation rel )

static

Definition at line 485 of file verify_heapam.c.

References ereport, errcode(), errmsg(), ERROR, RelationData::rd_rel, and RelationGetRelationName.

Referenced by verify_heapam().

 {
     if (rel->rd_rel->relkind != RELKIND_RELATION &&
         rel->rd_rel->relkind != RELKIND_MATVIEW &&
         rel->rd_rel->relkind != RELKIND_TOASTVALUE)
         ereport(ERROR,
                 (errcode(ERRCODE_WRONG_OBJECT_TYPE),
                  errmsg("\"%s\" is not a table, materialized view, or TOAST table",
                         RelationGetRelationName(rel))));
     if (rel->rd_rel->relam != HEAP_TABLE_AM_OID)
         ereport(ERROR,
                 (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
                  errmsg("only heap AM is supported")));
 }

◆ update_cached_mxid_range()

static void update_cached_mxid_range ( HeapCheckContext * ctx )

static

Definition at line 1321 of file verify_heapam.c.

References HeapCheckContext::next_mxact, HeapCheckContext::oldest_mxact, and ReadMultiXactIdRange().

Referenced by check_mxid_valid_in_rel(), and verify_heapam().

 {
     ReadMultiXactIdRange(&ctx->oldest_mxact, &ctx->next_mxact);
 }

◆ update_cached_xid_range()

static void update_cached_xid_range ( HeapCheckContext * ctx )

static

Definition at line 1304 of file verify_heapam.c.

References FullTransactionIdFromXidAndCtx(), LW_SHARED, LWLockAcquire(), LWLockRelease(), HeapCheckContext::next_fxid, HeapCheckContext::next_xid, VariableCacheData::nextXid, HeapCheckContext::oldest_fxid, HeapCheckContext::oldest_xid, VariableCacheData::oldestXid, ShmemVariableCache, and XidFromFullTransactionId.

Referenced by get_xid_status(), and verify_heapam().

 {
     /* Make cached copies */
     LWLockAcquire(XidGenLock, LW_SHARED);
     ctx->next_fxid = ShmemVariableCache->nextXid;
     ctx->oldest_xid = ShmemVariableCache->oldestXid;
     LWLockRelease(XidGenLock);
 
     /* And compute alternate versions of the same */
     ctx->oldest_fxid = FullTransactionIdFromXidAndCtx(ctx->oldest_xid, ctx);
     ctx->next_xid = XidFromFullTransactionId(ctx->next_fxid);
 }

◆ verify_heapam()

Datum verify_heapam ( PG_FUNCTION_ARGS )

Definition at line 186 of file verify_heapam.c.

References AccessShareLock, ReturnSetInfo::allowedModes, BAS_BULKREAD, BUFFER_LOCK_SHARE, BufferGetPage, check_tuple(), ReturnSetInfo::econtext, ExprContext::ecxt_per_query_memory, ereport, errcode(), errhint(), errmsg(), ERROR, fb(), FirstOffsetNumber, FullTransactionIdFromXidAndCtx(), GetAccessStrategy(), HeapTupleHeaderGetNatts, InvalidBuffer, InvalidTransactionId, IsA, ItemIdGetLength, ItemIdGetOffset, ItemIdGetRedirect, ItemIdIsDead, ItemIdIsRedirected, ItemIdIsUsed, LockBuffer(), MAIN_FORKNUM, MAXALIGN, MemoryContextSwitchTo(), HeapCheckContext::offset, OffsetNumberNext, PageGetItem, PageGetItemId, PageGetMaxOffsetNumber, PG_ARGISNULL, PG_GETARG_BOOL, PG_GETARG_INT64, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_NULL, pg_strcasecmp(), psprintf(), RBM_NORMAL, ReadBufferExtended(), relation_close(), relation_open(), RelationGetNumberOfBlocks, ReleaseBuffer(), report_corruption(), ReturnSetInfo::returnMode, sanity_check_relation(), ReturnSetInfo::setDesc, ReturnSetInfo::setResult, SFRM_Materialize, SFRM_Materialize_Random, SizeofHeapTupleHeader, skip, SKIP_PAGES_ALL_FROZEN, SKIP_PAGES_ALL_VISIBLE, SKIP_PAGES_NONE, table_close(), table_open(), text_to_cstring(), toast_close_indexes(), toast_open_indexes(), TransactionIdIsNormal, tuplestore_begin_heap(), UnlockReleaseBuffer(), update_cached_mxid_range(), update_cached_xid_range(), verify_heapam_tupdesc(), VISIBILITYMAP_ALL_FROZEN, VISIBILITYMAP_ALL_VISIBLE, visibilitymap_get_status(), and work_mem.

 {
     ReturnSetInfo *rsinfo = (ReturnSetInfo *) fcinfo->resultinfo;
     MemoryContext old_context;
     bool        random_access;
     HeapCheckContext ctx;
     Buffer      vmbuffer = InvalidBuffer;
     Oid         relid;
     bool        on_error_stop;
     bool        check_toast;
     SkipPages   skip_option = SKIP_PAGES_NONE;
     BlockNumber first_block;
     BlockNumber last_block;
     BlockNumber nblocks;
     const char *skip;
 
     /* Check to see if caller supports us returning a tuplestore */
     if (rsinfo == NULL || !IsA(rsinfo, ReturnSetInfo))
         ereport(ERROR,
                 (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
                  errmsg("set-valued function called in context that cannot accept a set")));
     if (!(rsinfo->allowedModes & SFRM_Materialize))
         ereport(ERROR,
                 (errcode(ERRCODE_SYNTAX_ERROR),
                  errmsg("materialize mode required, but it is not allowed in this context")));
 
     /* Check supplied arguments */
     if (PG_ARGISNULL(0))
         ereport(ERROR,
                 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
                  errmsg("relation cannot be null")));
     relid = PG_GETARG_OID(0);
 
     if (PG_ARGISNULL(1))
         ereport(ERROR,
                 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
                  errmsg("on_error_stop cannot be null")));
     on_error_stop = PG_GETARG_BOOL(1);
 
     if (PG_ARGISNULL(2))
         ereport(ERROR,
                 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
                  errmsg("check_toast cannot be null")));
     check_toast = PG_GETARG_BOOL(2);
 
     if (PG_ARGISNULL(3))
         ereport(ERROR,
                 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
                  errmsg("skip cannot be null")));
     skip = text_to_cstring(PG_GETARG_TEXT_PP(3));
     if (pg_strcasecmp(skip, "all-visible") == 0)
         skip_option = SKIP_PAGES_ALL_VISIBLE;
     else if (pg_strcasecmp(skip, "all-frozen") == 0)
         skip_option = SKIP_PAGES_ALL_FROZEN;
     else if (pg_strcasecmp(skip, "none") == 0)
         skip_option = SKIP_PAGES_NONE;
     else
         ereport(ERROR,
                 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
                  errmsg("invalid skip option"),
                  errhint("Valid skip options are \"all-visible\", \"all-frozen\", and \"none\".")));
 
     memset(&ctx, 0, sizeof(HeapCheckContext));
     ctx.cached_xid = InvalidTransactionId;
 
     /*
      * If we report corruption when not examining some individual attribute,
      * we need attnum to be reported as NULL.  Set that up before any
      * corruption reporting might happen.
      */
     ctx.attnum = -1;
 
     /* The tupdesc and tuplestore must be created in ecxt_per_query_memory */
     old_context = MemoryContextSwitchTo(rsinfo->econtext->ecxt_per_query_memory);
     random_access = (rsinfo->allowedModes & SFRM_Materialize_Random) != 0;
     ctx.tupdesc = verify_heapam_tupdesc();
     ctx.tupstore = tuplestore_begin_heap(random_access, false, work_mem);
     rsinfo->returnMode = SFRM_Materialize;
     rsinfo->setResult = ctx.tupstore;
     rsinfo->setDesc = ctx.tupdesc;
     MemoryContextSwitchTo(old_context);
 
     /* Open relation, check relkind and access method, and check privileges */
     ctx.rel = relation_open(relid, AccessShareLock);
     sanity_check_relation(ctx.rel);
 
     /* Early exit if the relation is empty */
     nblocks = RelationGetNumberOfBlocks(ctx.rel);
     if (!nblocks)
     {
         relation_close(ctx.rel, AccessShareLock);
         PG_RETURN_NULL();
     }
 
     ctx.bstrategy = GetAccessStrategy(BAS_BULKREAD);
     ctx.buffer = InvalidBuffer;
     ctx.page = NULL;
 
     /* Validate block numbers, or handle nulls. */
     if (PG_ARGISNULL(4))
         first_block = 0;
     else
     {
         int64       fb = PG_GETARG_INT64(4);
 
         if (fb < 0 || fb >= nblocks)
             ereport(ERROR,
                     (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
                      errmsg("starting block number must be between 0 and %u",
                             nblocks - 1)));
         first_block = (BlockNumber) fb;
     }
     if (PG_ARGISNULL(5))
         last_block = nblocks - 1;
     else
     {
         int64       lb = PG_GETARG_INT64(5);
 
         if (lb < 0 || lb >= nblocks)
             ereport(ERROR,
                     (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
                      errmsg("ending block number must be between 0 and %u",
                             nblocks - 1)));
         last_block = (BlockNumber) lb;
     }
 
     /* Optionally open the toast relation, if any. */
     if (ctx.rel->rd_rel->reltoastrelid && check_toast)
     {
         int         offset;
 
         /* Main relation has associated toast relation */
         ctx.toast_rel = table_open(ctx.rel->rd_rel->reltoastrelid,
                                    AccessShareLock);
         offset = toast_open_indexes(ctx.toast_rel,
                                     AccessShareLock,
                                     &(ctx.toast_indexes),
                                     &(ctx.num_toast_indexes));
         ctx.valid_toast_index = ctx.toast_indexes[offset];
     }
     else
     {
         /*
          * Main relation has no associated toast relation, or we're
          * intentionally skipping it.
          */
         ctx.toast_rel = NULL;
         ctx.toast_indexes = NULL;
         ctx.num_toast_indexes = 0;
     }
 
     update_cached_xid_range(&ctx);
     update_cached_mxid_range(&ctx);
     ctx.relfrozenxid = ctx.rel->rd_rel->relfrozenxid;
     ctx.relfrozenfxid = FullTransactionIdFromXidAndCtx(ctx.relfrozenxid, &ctx);
     ctx.relminmxid = ctx.rel->rd_rel->relminmxid;
 
     if (TransactionIdIsNormal(ctx.relfrozenxid))
         ctx.oldest_xid = ctx.relfrozenxid;
 
     for (ctx.blkno = first_block; ctx.blkno <= last_block; ctx.blkno++)
     {
         OffsetNumber maxoff;
 
         /* Optionally skip over all-frozen or all-visible blocks */
         if (skip_option != SKIP_PAGES_NONE)
         {
             int32       mapbits;
 
             mapbits = (int32) visibilitymap_get_status(ctx.rel, ctx.blkno,
                                                        &vmbuffer);
             if (skip_option == SKIP_PAGES_ALL_FROZEN)
             {
                 if ((mapbits & VISIBILITYMAP_ALL_FROZEN) != 0)
                     continue;
             }
 
             if (skip_option == SKIP_PAGES_ALL_VISIBLE)
             {
                 if ((mapbits & VISIBILITYMAP_ALL_VISIBLE) != 0)
                     continue;
             }
         }
 
         /* Read and lock the next page. */
         ctx.buffer = ReadBufferExtended(ctx.rel, MAIN_FORKNUM, ctx.blkno,
                                         RBM_NORMAL, ctx.bstrategy);
         LockBuffer(ctx.buffer, BUFFER_LOCK_SHARE);
         ctx.page = BufferGetPage(ctx.buffer);
 
         /* Perform tuple checks */
         maxoff = PageGetMaxOffsetNumber(ctx.page);
         for (ctx.offnum = FirstOffsetNumber; ctx.offnum <= maxoff;
              ctx.offnum = OffsetNumberNext(ctx.offnum))
         {
             ctx.itemid = PageGetItemId(ctx.page, ctx.offnum);
 
             /* Skip over unused/dead line pointers */
             if (!ItemIdIsUsed(ctx.itemid) || ItemIdIsDead(ctx.itemid))
                 continue;
 
             /*
              * If this line pointer has been redirected, check that it
              * redirects to a valid offset within the line pointer array
              */
             if (ItemIdIsRedirected(ctx.itemid))
             {
                 OffsetNumber rdoffnum = ItemIdGetRedirect(ctx.itemid);
                 ItemId      rditem;
 
                 if (rdoffnum < FirstOffsetNumber)
                 {
                     report_corruption(&ctx,
                                       psprintf("line pointer redirection to item at offset %u precedes minimum offset %u",
                                                (unsigned) rdoffnum,
                                                (unsigned) FirstOffsetNumber));
                     continue;
                 }
                 if (rdoffnum > maxoff)
                 {
                     report_corruption(&ctx,
                                       psprintf("line pointer redirection to item at offset %u exceeds maximum offset %u",
                                                (unsigned) rdoffnum,
                                                (unsigned) maxoff));
                     continue;
                 }
                 rditem = PageGetItemId(ctx.page, rdoffnum);
                 if (!ItemIdIsUsed(rditem))
                     report_corruption(&ctx,
                                       psprintf("line pointer redirection to unused item at offset %u",
                                                (unsigned) rdoffnum));
                 continue;
             }
 
             /* Sanity-check the line pointer's offset and length values */
             ctx.lp_len = ItemIdGetLength(ctx.itemid);
             ctx.lp_off = ItemIdGetOffset(ctx.itemid);
 
             if (ctx.lp_off != MAXALIGN(ctx.lp_off))
             {
                 report_corruption(&ctx,
                                   psprintf("line pointer to page offset %u is not maximally aligned",
                                            ctx.lp_off));
                 continue;
             }
             if (ctx.lp_len < MAXALIGN(SizeofHeapTupleHeader))
             {
                 report_corruption(&ctx,
                                   psprintf("line pointer length %u is less than the minimum tuple header size %u",
                                            ctx.lp_len,
                                            (unsigned) MAXALIGN(SizeofHeapTupleHeader)));
                 continue;
             }
             if (ctx.lp_off + ctx.lp_len > BLCKSZ)
             {
                 report_corruption(&ctx,
                                   psprintf("line pointer to page offset %u with length %u ends beyond maximum page offset %u",
                                            ctx.lp_off,
                                            ctx.lp_len,
                                            (unsigned) BLCKSZ));
                 continue;
             }
 
             /* It should be safe to examine the tuple's header, at least */
             ctx.tuphdr = (HeapTupleHeader) PageGetItem(ctx.page, ctx.itemid);
             ctx.natts = HeapTupleHeaderGetNatts(ctx.tuphdr);
 
             /* Ok, ready to check this next tuple */
             check_tuple(&ctx);
         }
 
         /* clean up */
         UnlockReleaseBuffer(ctx.buffer);
 
         if (on_error_stop && ctx.is_corrupt)
             break;
     }
 
     if (vmbuffer != InvalidBuffer)
         ReleaseBuffer(vmbuffer);
 
     /* Close the associated toast table and indexes, if any. */
     if (ctx.toast_indexes)
         toast_close_indexes(ctx.toast_indexes, ctx.num_toast_indexes,
                             AccessShareLock);
     if (ctx.toast_rel)
         table_close(ctx.toast_rel, AccessShareLock);
 
     /* Close the main relation */
     relation_close(ctx.rel, AccessShareLock);
 
     PG_RETURN_NULL();
 }

◆ verify_heapam_tupdesc()

static TupleDesc verify_heapam_tupdesc ( void )

static

Definition at line 542 of file verify_heapam.c.

References Assert, BlessTupleDesc(), CreateTemplateTupleDesc(), HEAPCHECK_RELATION_COLS, HeapCheckContext::tupdesc, and TupleDescInitEntry().

Referenced by verify_heapam().

 {
     TupleDesc   tupdesc;
     AttrNumber  a = 0;
 
     tupdesc = CreateTemplateTupleDesc(HEAPCHECK_RELATION_COLS);
     TupleDescInitEntry(tupdesc, ++a, "blkno", INT8OID, -1, 0);
     TupleDescInitEntry(tupdesc, ++a, "offnum", INT4OID, -1, 0);
     TupleDescInitEntry(tupdesc, ++a, "attnum", INT4OID, -1, 0);
     TupleDescInitEntry(tupdesc, ++a, "msg", TEXTOID, -1, 0);
     Assert(a == HEAPCHECK_RELATION_COLS);
 
     return BlessTupleDesc(tupdesc);
 }

Data Structures

Macros

Typedefs

Enumerations

Functions

Macro Definition Documentation

◆ HEAPCHECK_RELATION_COLS

Typedef Documentation

◆ HeapCheckContext

◆ SkipPages

◆ XidBoundsViolation

◆ XidCommitStatus

Enumeration Type Documentation

◆ SkipPages

◆ XidBoundsViolation

◆ XidCommitStatus

Function Documentation

◆ check_mxid_in_range()

◆ check_mxid_valid_in_rel()

◆ check_toast_tuple()

◆ check_tuple()

◆ check_tuple_attribute()

◆ check_tuple_header_and_visibilty()

◆ FullTransactionIdFromXidAndCtx()

◆ fxid_in_cached_range()

◆ get_xid_status()

◆ PG_FUNCTION_INFO_V1()

◆ report_corruption()

◆ sanity_check_relation()

◆ update_cached_mxid_range()

◆ update_cached_xid_range()

◆ verify_heapam()

◆ verify_heapam_tupdesc()